bmonday(dot)com
Wow, how bored are you?

Welcome to bmonday(dot)com

THESE PAGES ARE OBSOLETE AND EXIST SOLELY FOR THE PURPOSE OF SUPPORTING PERMA-LINKS. IF YOU WANT TO COMMENT ON AN ARCHIVED POST, OR PERMALINK IT, PLEASE USE THE NEW PAGES AT WWW.BMONDAY.COM INSTEAD. THANK YOU!


Monday, June 30, 2003

Webcast: Honeynets
Thanks LinuxSecurity.com for pointing out an upcoming webcast on Wednesday regarding Honeynets.

Lance Spitzner (personal hero of mine, drove a tank, blah blah blah) will be speaking on the top 3 advances in honeynet technology. Some other guy is talking after Lance, but he didn't used to drive a tank, so I'm just not interested.

The webcast is hosted by SANS and can be accessed by clicking here.

:: Posted at 11:12 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Thursday, June 26, 2003

RIAA, please go to Hell
Do not pass GO, do not collect $200. Go directly to Hell. Yes, now would be great. We'll send your things, just go.

Here's to hoping the RIAA and its money-grubbing greedy members all go broke suing judgement-proof college kids sharing music files. I for one, will never buy another CD while this witch-hunt continues. For the first time in my life, I'm actually considering buying an Apple product so I can download music that I like without having to shell out 20 bucks for the dreaded plastic disc.

Despite my previous threats, I still cannot seem to bring myself to install Kazaa and join the MP3 masses, even though I feel the record companies (money-lovin' ass clowns, all of them. Did we establish that already?) owe me something for being such a loyal and willing victim err, customer.

Kazaa and the ilk are used, let's be honest here, to steal. If you download a copyrighted work without paying for it, you are stealing that work from the artist. Plain and simple. You can rationalize it all you want, but that is the brutal truth. And I'm not OK with that, so I don't do it. You, gentle reader, can do what you want. I'm not your mother.

Personally I wouldn't care if EMI or any other big record label goes out of business, in fact I hope every one of them does. And sooner rather than later. What stops me from joining this MP3 free-for-all though, is the thought that I wouldn't be stealing just from the big corporations who have been gouging us year after year (and arguably deserve it), but we're stealing from the artists themselves. Good people like Alicia Keys, and other awesome talents who have poured their hearts and souls into their work. If you download the songs of these people without paying for them, they don't get paid even the pittance the record companies let them have after they take out all the "expenses".

I have a dream. I dream of a world where record companies no longer exist. Where artists use the Internet to sell their offerings, and reap the majority of the rewards. I dream of a world where artists can release free b-side songs to the world, knowing that they will still come out ahead selling the a-side songs off the album for 50 cents each, not having to give 90% of the take to some middle-man record company. Yeah, you know what, some of the a-side songs will leak out, but I'd be willing to bet I'm not alone in my willingness to pay for a quality product, even if I can get it for free if I loosened my morals. Look at Apple's iTunes Music Store: they have sold millions of songs since they opened, every one of them alternately available FOR FREE on Kazaa or something similar. Yet people have paid.

Maybe it's a silly dream, and I should just wake the hell up. But something tells me it's an attainable goal, and one definitely worth pursuing. Why can't the music industry learn to use the Internet as a marketing tool and sales channel instead of treating it like the root of all evil? They will never squash file sharing on the Internet, no matter how many millions of dollars and thousands of lawyers they throw at the problem.

:: Posted at 14:03 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Google, will you marry me?
Sometimes the smallest things get me excited. For a long time now, I have been joined at the hip to Google's toolbar, which sits right under IE's toolbar and gives you handy access to Google from whatever page you happen to be on.

Recently they put out a new beta of the 2.0 version of Toolbar, which now includes a configurable popup blocker (cool!), auto-fill functionality (fully configurable, of course!) as well as a "Blog This!" feature that makes a blog entry for whatever page you happen to be on.

All this for free. You can even disable the PageRank features that give some people the privacy willies.

Microsoft has nothing on you heroes over at Google. Seriously, you guys rock.

Update: CNet's News.Com picked up the story as well, read more here.

:: Posted at 12:59 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Monday, June 23, 2003

R.I.P. @CyberForge
Anil John is shutting down @CyberForge, one of my favorite security-related blogs.

Sorry to see you go Anil, hopefully it's for all the right reasons.

:: Posted at 19:45 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Saturday, June 21, 2003

Switch...?
A while ago, someone (Steve maybe?) turned me onto this hilarious spoof of the Mac "Switch" commercials. A friend of mine is having trouble locating a copy of it, so I put a copy up HERE. It's big, around 50 megs, so I recommend right-clicking and "Save target as", then running it from your local machine once it finishes downloading.

This is definitely one of the funniest damn things I ever did see, and I pull it out whenever I need a gut-ripping laugh.

Enjoy!

:: Posted at 19:45 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Dentists that don't suck
This has been a hard week for me personally. I broke a tooth last weekend, and subsequently came to realize that I have a full-blown phobia when it comes to dentists. I always knew I wasn't a "fan" of dentists, not having found myself in a dentist office in about, oh, 15 years, but I had no idea I was actually phobic until I had an anxiety attack on Tuesday shortly after the dentist told me all the mean things they needed to do to my mouth to make things right. Thankfully, my friends were able to talk me down, with a little help from my local apothecary, and I finally went in on Friday to have all 4 of my wisdom teeth removed. Now I sit here blogging, with the help of the almighty Vicodin prescription. It might be fun to look back on what I'm writing here once I sober up.

I have to say, if you ever need an Oral Surgeon for any reason, go see this guy. Dr. Chin is an incredible surgeon, and his staff is awesome. They really went out of their way to make me feel comfortable, and the good doctor even called me personally later that night to make sure I was recovering ok, and to answer any questions I had.

My regular dentist is Dr. Jones in Issaquah, who is also pretty cool. And they didn't laugh at the 270 pound guy in motorcycle leathers who turned into a quivering pile of goo by the end of the initial consultation. Oh the self control they showed on my behalf!

Maybe dentists aren't such a bad lot after all? I guess I've seen Little Shop of Horrors a few times too many...

:: Posted at 15:12 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


BSQUARE Stuff
BSQUARE Alumni Update:
Updated company and contact info for Tor and Julie Trygstad. If you are looking for a job you might drop them a resume. I like the new company name guys!

BSQUARE Rumor Mill:
BSQUARE is looking for new digs. With the glut of office space in the Bellevue area, rent prices have been dropping like a rock. Some facilities are offering a year of free rent. That makes a compelling argument for moving, even if it means eating penalties on the existing space. They were going to wait until next year to move, but rumor has it they are now trying to get out of the existing space by the end of this year. I'm dying to know how they intend to get out of the current obligations at Sunset, maybe that's one of the problems they threw a "Bob" (or two!) at.

Things seem to really be looking up for BSQUARE. I know PES is running above capacity, and there is talk of actually having to hire some PES engineers.

Maui is basically done, now it's just a matter of selling the thing. Hopefully the cash drain from Maui will slow a bit now, with all the R&D out of the way. I wish someone would start selling the damn thing, I'd like to have a hard look at it. Last time I had one in my hands was about 6 months ago, and it wasn't in good shape. I can't help but wonder if all the delays on that project have made them miss the market window. We'll just have to see.

That's all I can say for now without getting myself (or others) into trouble. I'm not too popular with the higher-ups over there these days...

:: Posted at 14:20 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Thursday, June 19, 2003

Microsoft Security Centers on Technet
Anil John over @Cyberforge compiled a very handy list of the various Security Centers over on TechNet. I'm glad Microsoft is putting such effort into training engineers how to effectively secure their products and how to write safer code. It seems daily now I read about some new bit of content on TechNet or MSDN that is focusing on how to write secure code and how to make Microsoft products secure.

Thanks Anil!

:: Posted at 21:46 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


How cool is this?
According to this News.Com article, Verizon has just started shipping a hybrid phone that utilizes your landline if you're at home, or will switch automatically to cellular networks when out of range from the homebase. I assume it comes with some sort of cordless base station, like regular cordless phones do.

That is an incredibly cool idea. I'd love to be able to use the cheaper landline when I'm at home, but having two numbers is annoying, and my landline phone is too big to fit neatly in my pocket like my cell does.

FOLLOW-UP: There are a few more details about Verizon's new phone, as well as similar plans by a couple of other players in the wireless space in this CNN article.

:: Posted at 15:49 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Wednesday, June 18, 2003

Bluetooth finally gets some hacker lovin'
I was wondering when someone was going to start looking at the security capabilities of Bluetooth. Sure, the range is short (2 meters roughly), but how long of a range do you need on a crowded subway?

The fine folks at @Stake have released the first known tool specifically targeting Bluetooth. Dubbed "RedFang", the tool is merely a brute-force method of discovering non-broadcasting BT devices. In most cases, the fact that the device is not broadcasting its address is the sole security enabled from the factory, and with RedFang, you can blow right past that. Take for example, the Compaq iPaq, that is set to share out its entire storage subsystem to anyone who knows the Bluetooth address.

The article about the project is up on SecurityFocus. It's an interesting read, albeit short. I think we're about to see a big push to test the various security options of Bluetooth. Bluetooth can be secured rather effectively, but we're seeing a lot of implementations that are insecure right out of the box. Have we learned nothing from the "Secure by default" debates?

:: Posted at 21:24 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Watch me piss off an entire state
I saw this gem while perusing HackInTheBox at home last night, but my BAC at the time left me with only the ability to type "ARE YOU F***ING KIDDING ME?!?!" over and over again, and I just don't think that's good blogging.

Basically, this tard senator from (*gasp!*) Utah, thinks it would be a great idea to allow copyright holders to remotely destroy the computer systems of suspected thieves. Then he astutely points out that they'd need to draft an exemption of current hacking laws to ensure it was all nice and legal.

What can you expect from a state with beer so weak you can't drink it fast enough to get a buzz going. And Starbucks won't touch the place with a 15-foot pole (that's the pole they reserve for things they wouldn't touch with a 10-foot pole), so what does that tell ya?? I swear the baristas (and I use that term loosely) at Mondo Cafe in Moab thought I was speaking Swahili or something when I ordered my usual drink. What is so hard to understand about "grande soy chai with 1 pump of hazelnut and no water"???!?!?! I thought they were going to come over the counter at my fiancee when she busted out her order (some half dark chocolate half white chocolate no whip thing, I didn't really catch the whole thing either honestly). I think we both got a kick out of them trying to write that down on the little shreds of paper they use to write orders on.

I swear we were in Utah for 2 weeks, down one side and up the other, and never did see a single Starbucks in all the 2000 miles we logged in the state during our stay.

No real beer. No Starbucks. Clueless wacko government officials. Someone needs to fund a study, that just can't be coincidence...

:: Posted at 17:46 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


I blinked
So I took my eyes off of BSQUARE for a millisecond and they take the opportunity to whack the CFO and bid farewell to the Senior Marketing guy! I had to read about it like normal people do!

I'll do better next time, faithful listeners, I promise.

:: Posted at 17:13 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Tuesday, June 17, 2003

Alumni Page update
Added Kent Peterson
Updated Dennis Peter

Welcome Kent!

:: Posted at 15:51 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Monday, June 16, 2003

Gartner IDS report follow-up
Seems I wasn't the only one who thought Gartner's recent analysis of the state of IDS was complete bunk. Gary Golomb, an engineer at Enterasys (an IDS developer, mind you), and a frequent contributor in the IDS community, has posted a reply to the report on the SecurityFocus IDS mailing list, debunking the research (and I use that term loosely) the Gartner author cites in his original report.

Gartner is losing credibility with each new report they are putting out lately.

:: Posted at 14:00 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Sunday, June 15, 2003

Zone Alarm rolls to Version 4.0
I admit it. I'm a fan of Zone Alarm. It has consistently earned top honors in the personal firewall class. With version 4, Zone Alarm now adds email scanning abilities (inbound and outbound), a popup blocker, and IDS-like reporting capabilities. They have also enhanced the granularity of the firewall controls, allowing geeks like me to fine tune the protection.

Best 50 bucks you can ever spend for your computer, especially if you don't have a real firewall sitting between you and your internet connection. If you can't spare the 50 bones for the Pro version, at least grab the free one. It gives you the firewall functions without all the fancy add-ons, and it's way better than nothing.

Get it now! Go ahead. I'll still be here when you get back.

:: Posted at 00:45 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Chat with MS regarding Trustworthy Computing
We'll get the rare opportunity to talk to Mike Nash, VP of Microsoft's Security Business Unit. The chat will be on June 16th, at 17:00 GMT. You can go HERE for more information, and to log into the chat room.

Now why do I have to read a 12-page legal agreement just to log into a chat anyway? Sheesh. I think I'll just wait for the transcript.

:: Posted at 00:25 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Uh... soon?
Forgive me for not being encouraged by former presidential Internet security advisor (and now eBay's head security czar) when he goes on record saying (and I quote) "Soon we'll see a zero-day exploit". Uhh, where the hell have you been, pal? It should be common knowledge that black hats are often using exploits in the wild well before white hats have discovered them. In fact, a good percentage of zero-day exploits are discovered by honeypots and IDS systems as they are executed against target networks.

eBay is so screwed.

:: Posted at 00:09 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Thursday, June 12, 2003

Gartner displays their security ignorance AGAIN
I swear the people doing security research at Gartner are completely clueless, and are starting to cause serious damage to corporate security efforts by publishing poorly researched recommendations like the one they put out yesterday.

The article actually recommends that corporations devote all the money they would have spent on Intrusion Detection Systems (IDS) to firewall products instead. As if the two were competitive technologies.

News flash for you idiots: IDS is an auditing tool more than anything else, and it works in conjunction with a firewall infrastructure. It validates your firewall policy, and shows you what is getting past it. Have you heard of "Defense in depth"? Access control is only part of a total security solution. Are these guys honestly recommending that you put your firewalls out there and just assume they are effectively staving off every conceivable attack? Sadly yes, that is exactly what these "experts" are recommending.

Yes, IDS systems generate false positives. Yes, you have to have someone looking through the logs and see what's getting past your firewall. Do you care what is getting past your firewall or not? You should. And your firewall isn't going to admit what it's missing, so you need an IDS solution of some kind. IDS is a young technology, but it shows enormous promise, and is already an effective tool in an environment that is properly secured.

The value of IDS beyond auditing is also hard to even quantify. Zero-day exploits that blow right past firewalls are captured through the use of IDS systems. New attacks are reported within minutes of them entering the wild, thanks to IDS systems. The Internet community benefits in so many ways from the growing use of IDS that I have to seriously wonder what Gartner's motivation is for putting out complete nonsense like this.

Shame on you Gartner, for proliferating an erroneous view of a critical security technology and thereby weakening the defensive postures of countless corporations and other Internet entities who might actually take your advice.

:: Posted at 12:42 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Lance Spitzner on the legality of Honeypots
Hardly a week passes where someone doesn't ask the security community if Honeypots are legal, or if they constitute entrapment. Lance Spitzner (Personal hero of mine? Drove a tank? Yeah, that guy) posted an article on Security Focus about the legality of Honeypots. Helping Lance on this paper was Richard Salgado, who works at the DoJ and is a frequent contributor on the Honeypots Mailing List, as well as Jennifer Granick, Director of Stanford Center for Internet and Society.

It's a good read.

:: Posted at 12:03 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Exhibit A
I know some of you grow tired of me preaching the evils of the home user, and how their always-on high-bandwidth systems are all-too-commonly recruited into botnets and used for evil purposes by Wile E Hacker.

But I'm not making this stuff up!

I give you Exhibit A: A study conducted recently by AOL and the National Cyber Security Alliance that says 86% of broadband users think they are sufficiently protected from black hats, yet only 11%(!!!!!) actually had adequately secured systems.

Millions of poorly-secured systems, with big fat pipes to the Internet, just ripe for the picking. It's no wonder botnets have been discovered with over 140,000 zombies patiently awaiting orders.

This, my friends, is the single largest threat to the Internet. Can I get an "Amen"?

:: Posted at 01:08 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Recent security tidbits that I found interesting:
Security Focus reports on the impact of recent large-scale worms on the Internet infrastructure in this article. As many of us in the security realm realize, the routing protocols being most widely used on the Internet are fragile as hell, and represent (in my humble opinion), the "Achilles' Heel" of the Internet.

Government Computer News is reporting a new type of trojan horse recently found in the wild. CERT has not confirmed the report at this time.

I'd like to send a big shout-out to @Stake who demonstrated what Responsible Disclosure is all about when they worked with Nokia to plug a potentially-disastrous vulnerability in Nokia's GGSN before going public with the discovery. GGSNs are critical components of GPRS networks. You can read all about their discovery here. I'm glad someone is taking a hard look at wireless data infrastructure components.

Information Week is reporting on AOL's new plans to include host-based firewall protection free of charge in their upcoming 9.0 release. This is huge news, and I hope all the major ISPs follow suit. Maybe this will help curb the explosion of botnets in this country. Well, everyone's gotta have a dream.

Read. Learn.

:: Posted at 00:27 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Tuesday, June 10, 2003

Too... many.... articles.... GAH!
Steve linked to a really cool security news site called HackinTheBox.org. Instead of making blog entries for each of the interesting articles, which could take up the rest of the night, I'll just suggest that you go there and start reading.

I could spend all night at a site like that. Great stuff. I'll have to do some further research on their link list too.

I have a sudden craving for Jack In The Box. Gotta run.

:: Posted at 21:50 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


ReplayTV Sells Out
Warning: What follows will certainly devolve into a rant, and will likely result in frequent cursing. I will try to maintain the family-friendly rating of this blog by using strategically-placed asterisks. But I guarantee nothing, dammit.

In a crushing blow to this blogger (and semi-proud owner of 2 ReplayTVs) ReplayTV's new parent company D&M Holdings (makers of Denon and Marantz AV gear) has announced that they are removing pretty much the only differentiating features from their future line of DVRs (sharing recordings, and the ability to skip commercials). F*cking sellouts. I will never buy another Denon or Marantz product ever again.

I can see the objections to sharing programs, and I'd go along with that. But killing Commercial Skip? That battle was winnable.

Maybe if the networks didn't inflict CarrotTop on me 12 times an hour, I might be inclined to watch their asinine commercials. I'd rather have my toenails pulled out during commercials rather than be forced to watch another no-talent has-been hawking yet another fucking long distance service. And if you don't live in Seattle, count your blessings that you don't have to put up with this ass-clown. Until you put some f*cking effort into your commercials, I reserve my right to not watch the f*cking things!

At least the ReplayTV recorded the commercials, letting the user choose to view them or not. I know of VCRs that you can program to not even record them. What's worse?

But back to the Sell Outs, D&M Holdings:
You guys had a leg to stand on if you had some freaking backbone. The Electronic Frontier Foundation (EFF) had already stepped in and taken up the fight to protect your users' rights even if you were willing to sell us out at the first available opportunity. You know, Sony was sued back in 1979 for their new BetaMax VCR, because it recorded shows and allowed "time shifting" (recording content to be replayed later). That went all the way to the US Supreme Court before the decision was finally made in 1984 that owning such devices was completely within the right of consumers. There is precedent here, people! This is a winnable fight, but not if you walk away!

I have to say, the RIAA and Hollywood are really getting bold. They have publicly stated that the price of watching television programming is paid by you watching the commercials. If you don't watch the commercials, you are a thief. Apparently, if you go take a piss during a commercial, you are stealing service. If you get up to make a turkey sandwich during a commercial, you are a thief. Last year, Hollywood won a court order forcing SonicBlue to begin spying on their customers, and report their viewing habits directly back to the networks. Thankfully, ReplayTV stood up and called "Bullshit" and the judge hearing the appeal agreed with them. The RIAA wanted to ban MP3 players entirely, arguing that converting a CD to MP3 format was piracy, and copyright infringement. Thankfully they went up against a judge who had a clue, and the attempt to outlaw MP3 players was tossed out.

Why, D&M, will you not stand up for your rights, and the rights of your customers?? Who will fight these battles if the innovators act so cowardly in the face of a Hollywood or RIAA lawyer? How often will the EFF take up such causes when they are just hung out to dry when the defendant just gives up?

The whole thing makes me ill.

:: Posted at 13:21 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Monday, June 09, 2003

Should security training be mandatory for MCSEs?
There has been a rather heated debate in the community lately about the new(?) security-focused supplemental certifications that Microsoft recently announced for existing MCSEs and MCSAs. On one hand, some folks are saying security-focused training should be an integral part of the MCSE track already, instead of merely an optional enhancement. Alan Paller, the Director of Research for the highly respected SANS Institute, and a long-time critic of Microsoft's certification programs, points out that the additional security training sessions have been available for years (in some cases), and are just not a very popular choice among MCSE students. It's an interesting opinion, given that SANS is a leading provider of security training in the world.

On the other hand, there are those who believe that not all MCSEs will be called upon to take on the security role, and should therefore not be forced to take security-specific training if that is not where their interests lie. A recent editorial on SecurityFocus suggests that you can have MCSEs in roles where security is not a significant enough part of their jobs to require specialized security training. Remember, MCSE stands for "Microsoft Certified Systems Engineer", not "Microsoft Certified Security Engineer".

I'm going to weigh in on this, because... well, because this is my web site and I can weigh in on whatever the hell I want, dammit! (For the record, I hold both an MCSE and SANS certifications, so I find this discussion especially relevant.)

While I agree to some extent with Tim Mullen, of SecurityFocus, I can't help but wonder how much safer the world would be if Microsoft mandated security training for all the MCSEs they cranked out in the late 90s and early 2000s. However, I put a good portion of this failure squarely on the shoulders of Corporate America, who continued to not care about security (and continues to do so with frightening regularity) until the events surrounding 9/11 demonstrated that the Emperor was in fact buck naked. Let's face it, Corporate America dictates who gets the jobs and who doesn't, and they were more than happy to let security be an afterthought in the writing of 99% of the job descriptions for systems engineers. If they had demanded security-trained MCSEs, I guarantee the MCSE program would have started churning them out by the thousands.

Even now, as I look through job descriptions for systems engineers, if security is listed at all it is usually down towards the bottom in the list of things you do when you run out of *real* work. And trying to get funding for high-priced security training when that's not a key function of your job is often hopeless.

Until Corporate America considers network security training a fundamental requirement of prospective systems engineers, don't expect anyone else to.

:: Posted at 19:11 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Sunday, June 08, 2003

Alumni Update
My friend and fellow BSQUARE Alum Jeremy Kercheval recently hinted (in his own subtle way) that he wouldn't object to being listed on the BSQUARE Alumni List. So I obliged him :)

I also added Eric Hesselgesser. Welcome Eric.

:: Posted at 22:57 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Busy weekend, Take 2
It seems I can have no other kind of weekend besides busy lately. Saturday I had a little "me" time. My new tabs came in for the Sabre, and I started the insurance back up, so I am legal again. After about a 6-month break from riding, I'm really feeling the pull again. It's strange, for a while there I had absolutely no desire to ride. But now that it's summer again, I can't wait. I swung by I-90 Motorsports in Issaquah and picked up a new half-helmet. It's amazing the difference in experience between riding with a full-face helmet and a half helmet. I think in a full-face helmet you become a bit more detached from the motorcycle riding experience. I think I'll be riding a lot with the half-helmet on, unless I plan on hitting the highway. I've got too many pits on the shield of my full-face helmet to ignore the dangers of a rock or other projectile hitting my face at 70MPH.

So after I got my ride in on Saturday, I watched the 2nd half of the Cubs-Yankees game. I hope Hee Seop Choi is going to be OK, he hit his head hard there on the basepath, and was out cold for a couple minutes. The Rocket lost again, and is claiming some lame respiratory ailment for the loss and subsequent seclusion from the press. He's scheduled to pitch again on Friday, back home at Yankee Stadium. He has yet to register a win at home this year, so it should be interesting. I have a feeling he'll skip a turn in the rotation. If I was Joe Torre, I'd have him sit one out, and try to put his chase for 300 back into perspective for the rest of the team. The team is really stinking it up lately, and they could use a few less distractions.

Then it was off to a wedding late Saturday afternoon. I hate weddings to begin with, as any number of my friends can attest to. But it's something I've been working on, since my own is coming up in another 2.5 months, and I don't think I can come up with an effective excuse to miss that one. I don't really hate weddings, I'm just not very comfortable at them, probably because most of the time I go alone, and know pretty much nobody except the bride and groom. And my Chandler-esque comedy routines don't seem to go over very well at weddings either, so there goes my primary means of defense.

So anyway, I survived the wedding, and even managed to dodge the dirty dancing number 4 of Jessica's male friends inflicted on the hapless groom. Apparently that's tradition. (note to self: check if those guys are invited to the wedding). They also have something planned for me in Portland, where apparently they haven't heard of the "4-foot rule", which seems to present a bit of an obstacle to bachelor parties up here in Seattle. Frankly, I'd be just as happy sitting at home with a few of my best buds, having a few beers, and watching Clemens try for the 16th time to win his 300th game. But something tells me that is not an option.

Sunday was spent entertaining a couple friends at the house. Well, OK, maybe "entertaining" isn't the most appropriate word. I put their asses to work cleaning my garage. My friends do good work, and I can pay them in bacon-wrapped prawns. So I now have a relatively clean garage. My bike can breathe a little until Jessica moves in later this month. We're currently discussing whether the bike gets the 2nd garage spot, or her car. I think I'm going to lose this battle. So after a 2-vehicle run to Ye Olde Transfer Station, we retired to the deck and I threw some bacon-wrapped beauties onto the barby.

That's the proper way to end a weekend I think. Good friends, a few drinks, and some fine food. I do love Seattle in the summertime.

:: Posted at 22:45 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Friday, June 06, 2003

New CyberSecurity Division formed under Homeland Security
Welcome to the party boys! Sorry, the beer ran out 2 years ago. It's about time the gubment start taking seriously what whitehats have been shouting from every available rooftop: Cybercrime/CyberTerrorism is a real threat to the security of this nation, and the private sector can't stave it off alone.

Conducting acts of cybercrime isn't nearly as hard as hijacking 4 aircraft and flying them into a building. You don't need to recruit some extremist wacko who is willing to strap a bomb to his chest and die for the cause. Al Qaeda has already proven it has the skills to conduct computer-based operations.

Did you know that botnets containing as many as 140,000(!!!!!) hosts have been discovered? Can you even fathom what havoc one person can wreak with an army of 140,000 computers? There are points of failure on the Internet that can be taken out with 1/10th of the firepower that botnet represents.

The only thing stopping terrorist organizations from using computer-based attacks has been a lack of imagination and motivation. Now that they are properly motivated, and have displayed increased levels of proficiency, the threat is more real than ever.

The Internet knows no borders. An attack can be launched from ANYWHERE. So far, we've been lucky that the botnets have been under the control of blackhats with few political aspirations.

But hey, I'm here to help. Here are a couple things the government can do right away to reduce (not eliminate, mind you) the threat of botnets (and cybercrime in general):
1. Use legislation to require ISPs who do business in the US to implement egress filters on their routers. Put one of your 60 new bodies on this and make it their full-time job to verify compliance. Sue AOL if you have to, prove you're serious. Then start pressuring our foreign friends (if we have any left) to do the same.
2. Allow private parties to be held responsible (not criminally though) for attacks carried out by their computers if the corrective patch for the problem has been out for 3 months or longer. Sue a few lazy home users and suddenly security is THEIR problem (like it should be), instead of just ours when their computer starts attacking our networks. Do you know that some of the most common web attacks are ones that have had fixes available for nearly 4 years?? If you are going to give home users a loaded gun (the computer), make them responsible for using it in a safe and responsible manner.
3. Stop already with requiring law enforcement backgrounds and abilities when hiring government white hats. You need the best people you can get your hands on, and guess what? Not a one of us will need to be able to fire a gun or chase a suspect 20 city blocks. That's what cops do. We point out the bad guys, then the guys with many guns and not so many necks go make the arrests. Don't make us go through special agent training just to waste it sitting in front of a computer all day.
4. Give local police forces some budget to hire at least 1 bona fide cyber security professional. Don't saddle him/her with other non-computer-related investigations. You know my local police force (protects over a quarter of a million people) has exactly 1 guy who handles all the cybercrime cases. And he does it only because he started doing it as a hobby in his spare time, otherwise we wouldn't even have him. I shudder to think how many of our local police forces have absolutely no skills in addressing acts of cybercrime. You have to get serious at the local level. The locals are absolutely overwhelmed. Show some arrests. Demonstrate consequences for black hat activities. Throw some kiddies in the clink. They'll get the idea, they're bright kids.

Radical ideas? Yep. This war is far from over. The government can help us if they follow through with what they have started.

:: Posted at 21:28 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Pop quiz
Quick, who is the artist on this CD? Give up? It's RadioHead, OK Computer. Want it? I have 2, actually. "But Beau, how many copies of OK Computer do you need?", I hear you asking (Yes, I can hear you. Watch your mouth). It's because the record companies, in this case EMI, are much smarter than I am. It's bad enough that they sucker me into paying upwards of 20 bucks for a plastic disc that costs them less than 80 cents to produce, but then they don't bother labelling the damn thing sufficiently so that the poor shmuck who buys it (in this case me) can recognize it and whip it out when the mood to hear RadioHead strikes him or her. So said shmuck (me) thinks to himself "Hmm, I coulda swore I owned a copy of that RadioHead CD.... guess I lost it", and then trundles down to Wherehouse to shell out another 20 bucks for a CD that he already owned. For the record, this is not the first time this has happened. I own multiple copies of at least 10 other CDs.

This is what the record companies are reduced to? I can think of no plausible explanation for this lack of proper labelling besides just plain outright deception. I honestly feel that the music industry does this crap on purpose, to sell a few extra CDs. Does it cost them *any* more money to put "RadioHead: OK Computer" on the CD, right under the part where they threaten to sue you if you make a copy? It doesn't have to be *pretty*, just legible!

"But Beau, after having this happen 10 times, shouldn't you spend 2 bucks on a marker and label these CDs when you buy them?" No, and damn you ask a lot of questions. Why should *I* have to carry around a f*cking Sharpie so that I can write a label on a damn plastic disc that I just paid 20 bucks for?!?! For 20 bucks, I DESERVE A LABELLED CD.

I don't use Kazaa. I used Napster a couple times, but I never really got into the whole MP3 movement. You bet your ass I'm going to now. I'm sick and f*cking tired of being bent over by these greedy-as-all-hell music labels at every possible opportunity. They owe me some free music.

:: Posted at 18:20 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Speaking of New York
Is it wrong of me to secretly hope it takes another month for Roger Clemens to get his 300th win? I have nothing against the Rocket, and I'm sure he'll do it eventually. I just think it would be funny as hell to watch him hauling around his 100-person entourage to every one of his games only to watch him fail... AGAIN. I heard Reggie Jackson even flew in from California for the attempt last weekend. I wonder how many times he'll do that. After the 4th or 5th game, I'd be like "I'd love to come see you pitch Roger, but I gotta... uh.... the doctor said I shouldn't travel right now."

Anyway, that no-decision in Detroit sure set the stage for a huge matchup in Chicago on Saturday against Kerry Wood, one of the best pitchers in the National League. The Yankees haven't set foot in Wrigley since the 1938 World Series. No pressure, Roger ;)

:: Posted at 07:54 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


It's 6 A.M...
The only good thing about waking up at 4 A.M. with a hangover is that I get to watch Imus in the Morning, which is about the only compelling program on MSNBC these days. I lived in New York for a few years and listened to Imus every morning on WFAN. WFAN was (still is, I imagine) a sports radio station, which Imus was fond of pointing out during his 4.5 hour show ("4.5 hours of quality radio, followed by 19.5 hours of pointless drivel", I think is how he put it). Do they still play the "quack quack" whenever they say the time during the show?
:: Posted at 06:18 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Wednesday, June 04, 2003

Alton, I've failed you
I tried to make the strawberry pudding from the Strawberry Sky episode of Good Eats. Seems a simple enough recipe, I've mastered harder ones! This was a disaster. Maybe I used the wrong wine? I might try it with some CSM Gewurztraminer, I think the red wine I used was too strong. Or not enough sugar perhaps? I dunno, at 10-ish hours per attempt, I can only experiment so often.

:: Posted at 23:32 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


New anti-disclosure proposal
The Organization for Internet Safety (OIS), of which Microsoft, Caldera, and a bunch of security heavy hitters are members, has just submitted a new proposal suggesting a different approach to disclosure. The disclosure debate has raged (and raged, and raged!) for years now, and is always one of the hottest topics in the security community. OIS is actively soliciting feedback from the security community on the draft of their proposal to delay the disclosure of proof-of-concept code until the affected customers have had a chance to schedule downtime and apply the appropriate patches.

:: Posted at 22:18 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Patches = good.... got it?
I'm on the verge of a rant here about the furor over the first security patch affecting Windows 2003. Some sites are calling it "embarrassing", which, in this blogger's opinion, borders on irresponsible journalism.

Guess what. Patches are a good thing, ok? I remember a time when it was Microsoft's goal to put out a Service Pack *quarterly*. But they took so much flak in the press for updating "an obviously flawed" product that we're reduced to this individual patching nightmare that we have to put up with today. <sarcasm>Thanks, much better!</sarcasm>

Criticizing MS for putting out patches is asinine. Look where it got us.

:: Posted at 21:41 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Tuesday, June 03, 2003

Microsoft renews security vows
CNET's News.Com is reporting on today's speech by Microsoft's Chief Security Architect Scott Charney at TechEd. The article reports that the former Justice Department cybercrime chief wants to pare down the patch deployment methods from the current 8(!) to 2 by the end of the year, with a target of 1 by the time Longhorn arrives in 2005-ish.

As someone who has to apply patches to upwards of 30 servers weekly, I applaud this effort. Hopefully they come through.


On a related note, Microsoft also launched 2 new security-focused certification extensions available to the MCSE and MCSA crowds. Too bad home users don't have to learn about security and take a test before they stick their wholly-unprotected systems onto the Internet. That's where the real threat lies.

:: Posted at 19:49 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Bullshit Alert
I have to call "bullshit" on the report put out by the ICC recently, that claims 60% of cybercrime originates in the United States. Anyone on the front lines can tell you this is complete BS. The US may lead the world in *reported* cases, but that's because the US is becoming more strict about publicizing intrusions. I read IDS log files every day, and Asia and Eastern Europe top my list. Where the hell is Macedonia anyway?

:: Posted at 12:21 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Lance Spitzner on Honeynets
WebTalkGuys recently did an interview with one of my personal role models in the security realm, Lance Spitzner. Lance is a senior security architect at SUN Microsystems, a founder of the non-profit Honeynet Project, author of a fantastic book on honeypots, co-author of a fantastic book on honeynets, and can drive an M1A1 Abrams tank. I'm just glad he's on our side!

:: Posted at 12:03 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Monday, June 02, 2003

Windows 2000 Hardening Guide
Thanks Steve for pointing out a new Windows 2000 Hardening Guide on TechNet.

Great stuff indeed.

:: Posted at 22:42 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Updated Alumni Page
Added Aaron McLin
Updated Steve Makofsky

:: Posted at 22:34 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::


Sunday, June 01, 2003

Spring Cleaning
My fiancee (pointless sidebar: Fiancee is female. Fiance is male. Carry on.) and I went to look at a couple wedding locations today. Our primary plan is to have the wedding on the cruise ship while it is docked, then kick everyone off and sail into the sunset for our honeymoon. However, we're covering our bases in case something falls through with that plan by looking into a couple other sites. I had also read an article in The Seattle Post-Intelligencer last week saying that cruise ship business in Seattle is being hurt by the fact that Terminal 30 (where Princess moors their boats) looks like an industrial park at first glance. Honestly though, we drove past it today and it seemed fine. Not sure what the P-I's beef is with it. We also drove around Pine Lake for about 1.5 hours looking for the place that Jason and Cynthia got married, and finally found it. I really did like that place, and it should be a good backup for us if the cruise people can't get their act together.

Then it was off to Seattle to do more gift registration crap. Oy, what a pain in the ass that whole process is. I can't imagine having to do this in the "old days", before portable UPC scanners. Making things even more difficult is that Jessica and I both own our own houses, both of which are fairly well equipped. It was a lot of walking around asking each other "Do we have one of those?". I think we're about done, we registered at Williams Sonoma and The Bon.

We finished off the day by doing some spring cleaning at the house, in preparation of Jessica moving in sometime this month. Making room for a whole nother person is hard. We spent the rest of the day cleaning up the exercise/storage room downstairs so we can fit her couch into it. Also worked on my office upstairs so we can get her desk in there next to mine. While I was cleaning up, I found the travelog I started when I embarked on my big trip to Italy and Greece a few years back. I will dig out those pictures and do a proper posting when I have time.

Busy, busy weekend.

:: Posted at 22:19 by Beau :: Archived :: TrackBack (0) :: Comment (0) ::

