In Through The Out Door

Pentagon spying on Americans:Even as the Senate curtails the powers of domestic surveillance by the military, the Defense Department expands its efforts.

Hacking 101 (28 Nov 2005):Interesting take on the newbie document. This one is aimed at getting someone productively writing code on a Unix machine.“This document gives the reader a tour of what the UNIX development environment has to offer. It describes the components usually found in the toolboxes of open source developers, and points the readers to selected web resources that introduce the use of those tools.

Spooks = Bloggers:Earlier this year, former Army intel officer (and Defense Tech homeboy) Kris Alexander told our spooks to start blogging if they wanted to get serious about tracking terrorist-types. Afterwards, he got a flood of e-mails from government suits asking him for help to implement the idea. I’m not sure if CIA agents were among the callers. But either way, the agency seems to have gotten the message.

Giving the U.S. Military the Power to Conduct Domestic Surveillance:More nonsense in the name of defending ourselves from terrorism: The Defense Department has expanded its programs aimed at gathering and analyzing intelligence within the United States, creating new agencies, adding personnel and seeking additional legal authority for domestic security activities in the post-9/11 world.The moves have taken place on several fronts. The White House is considering expanding the power of a little-known Pentagon agency called the Counterintelligence Field Activity, or CIFA, which was created three years ago. The proposal, made by a presidential commission, would transform CIFA from an office that coordinates Pentagon security efforts — including protecting military facilities from attack — to one that also has authority to investigate crimes within the United States such as treason, foreign or terrorist sabotage or even economic espionage. The Pentagon has pushed legislation on Capitol Hill that would create an intelligence exception to the Privacy Act, allowing the FBI and others to share information gathered about U.S. citizens with the Pentagon, CIA and other intelligence agencies, as long as the data is deemed to be related to foreign intelligence…. When you start giving police powers to the military, citizens start looking like the enemy. We gain a lot of security because we separate the functions of the police and the military, and we will all be much less safer if we allow those functions to blur.

Study: IM worms up again in November:The number of threats to instant-messaging users increased again to a record 62, according to Akonix Systems.

A quick AWstats guide:AWstats is a free, popular log analyzer, released under the GPL. It can generate advanced graphical statistics from web, streaming, ftp or mail server log files. This document is not intended to be a review, but rather a quick installation and configuration guide for a specific web site, in order to have as accurate statistical data as possible for use in your traffic analysis reports.

SQL Reference (MySQL n mSQL):

mysql short reference

Next-gen storage, online and offline:200GB and 300GB competition for Blu-Ray and HD-DVD, and online file storage services.

Bluetooth to adopt Ultra Wideband in 2007: Way back in May we heard the first rumblings of discussions between theBluetooth SIG and Ultra Wideband proprietors aboutmerging the two standards — well, looks like Bluetooth’s pulling the trigger on it, and will be updating their productroadmap to reflect the pairing (pun oh so intended), so that by Q3 2007 Bluetooth should have prototype UWB compatibleBT cores a-cookin’. But there are still kinks to be worked out, namely that the twoUltra Wideband heavy hitters — the WiMediaAlliance and UWB Forum — have yet to come together and proceed with a single UWB standard, making the whole thingincreasingly sticky for a third party like the Bluetooth SIG to step in and try to adopt the technology. Still, we cantotally understand that another couple hundred megabits per second on top of Bluetooth 2.0’s 2.1mbps must have beenmighty tantalizing, kinks and all.

SPONSORED BY: Age of Empires III - Real-Time Strategy Game Control a European power on a quest to colonize and conquer the New World. AOE3 introduces new gameplay elements, as well as new civilizations, units, and technologies.

99 useful Run commands:Filed under: Windows, ProductivityIf you’re like me, you probably use Windows’ Run box more often than you use the Start menu. To that end, FixMyXP.com has a list of 99 Useful Run Commands, i.e. stuff you can type into the Run box to get stuff done faster. Chances are you won’t find all 99 useful, and you probably already use some of them daily (e.g. I couldn’t live without "cmd" and "calc"), but there are a few gems nonetheless.

Nessus 3.0 discussed:Nessus is one of the world’s most popular (open source) vulnerability scanners, used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications. With the recent news of going closed source Ron Gula took a few minutes to talk to SecurityFocus. From the article: ‘I speak to a lot of different open source project managers and they say similar stuff — it’s mostly free users and not really code contributors.’… Nessus 3 will provide an average 5x speed improvement compared to the old, but open source, 2.x version, and a lot of new features.“

CLI Magic: netcat (26 Nov 2005):Netcat is a great tool, and this is a well written introduction to it.“The netcat utility works on the same principle as the cat utility, but over the network. This can be very useful in a number of situations, such as testing remote services, or for use in scripts, or just to copy files over the network. According to one source, you can even clone a hard drive over the network using netcat and dd.”

MySQL 5.0 cover story: We were quite chuffed to see the latest issue of Linux Magazine featuring MySQL 5.0 on the cover.  There’s an interview with Marten Mickos, an article on MySQL 5.0 as well as a bonus online interview with Monty.  The links below also lead to several good online articles on MySQL Cluster, understanding the query cache, replication tips and tricks and more.  Check it out!

News: VPN vulnerability depends on implementation:The attacks resulted in several companies - Check Point, Cisco, Juniper, Stonesoft and Secgo among them - issuing security advisories and patches.The point of attack was against a protocol used in establishing security associations within IPSec known as Internet Security Association and Key Management Protocol (ISAKMP). It is the means by which two devices authenticate to each other and create security keys before setting up an IPSec tunnel.

News: Security experts lift lid on Chinese hack attacks:Security experts have revealed details about a group of Chinese hackers who are suspected of launching intelligence-gathering attacks against the U.S. government.The hackers, believed to be based in the Chinese province of Guangdong, are thought to have stolen U.S. military secrets, including aviation specifications and flight-planning software.The U.S. government has coined the term “Titan Rain” to describe the hackers.“From the Redstone Arsenal, home to the Army Aviation and Missile Command, the attackers grabbed specs for the aviation mission-planning system for Army helicopters, as well as Falconview 3.2, the flight-planning software used by the Army and Air Force,” Alan Paller, the director of the SANS Institute, said on Tuesday.

A Torrent or a Trickle?:The MPAA’s deal with BitTorrent will do little to change the landscape for file swapping — but it could create the best chance yet for a meaningful and legal P2P media-distribution system. News analysis by Xeni Jardin.

Thanksgiving cooking for engineers:Blog: Why take off your engineer hat when you don a kitchen apron this Thanksgiving? A Web site titled “Cooking for Engineers”…

Don’t Know Jack Schitt?

Exit Strategy in Search of a Party

They do all sorts of tracking of computer vulnerabilities, and they also do worldwide training sessions in stopping hackers, etc. SANS today released a new Top 20 threat list, detailing what kinds of systems and programs are being targeted by hackers these days. Roger Cumming, Director of Britain’s NISCC, which is the UK equivalent of the US’ own Critical Infrastructure Protection Board,detailed two major trends to look out for as far as protecting critical infrastructure.First, Cumming noted, as more and more networks converge onto single platforms (think of communications becoming more and more based on Voice over Internet Protocol, for example) the threats are increased…. More and more apps on a single platform will also offer hackers more avenues into your critical systems.Cumming also mentioned that cyber-watchers are seeing a real shift now in the motives for attacks…. There’s no reason why terrorists, for example, couldn’t try to hire these professional hackers to launch attacks on critical US infrastructure.Now, for the record, if you follow Defense Tech, you know the whole “cyberthreat” issue’s been raised before…. They use much of the same, off-the-shelf software that ordinary users do, and so they face the same issues when it comes to hacking, etc. Scary, I know.Alan Paller of SANS noted, however, that the US Air Force is setting an example of good governance in addressing these threats.