You Just Can’t Secure Them
As I dig deeper into IT security and am exposed to more and more of it, I can't help thinking about things from a security point of view. It is getting to the point where the security point of view on something is my first point of view.
As usual this time of year, I am involved in a lot of different audits and reviews. While going through a client's requirements for their vendors I started to think about mobile phones. Not any in particular, but all of them in general, and how much the space has changed over the last five years.
What I am really curious about is why nobody seems to be leading the enterprise space for mobile phones and devices. Sure, it seems the iPhone is taking over and is a huge presence in corporate environments, though from a security point of view it's all a scary proposition.
What is missing is the ability to force policy on and lock down mobile phones and devices. I can't set policies to say that all phones must have a password, and that the password must be at least six digits long. Sure, these parameters can be set from the phone, but not being able to centrally control this stuff is a big fail.
Now Windows Phone 6.5 was a big piece of crap, I know this, but what it had that most others do not is the ability to set policy on the phone from Active Directory. Exactly what you need to do in an enterprise. If you are running a BlackBerry server you have some good controls around the phone, though I know Fortune 500 companies who are dumping their BES servers for BlackBerry Express Servers because it's just too much money to maintain the BES server for an ever-dying space.
I guess I understand why Microsoft jumped after the consumer phone space, wanting to jump on the iPhone bandwagon, but they left a huge space untapped. I saw a tweet today that only 6% of Chinese have cell phones, and what a space to get into. I guess there is a lot of potential there, but personally I find it easier to make money closer to home, and here in the States we need enterprise-class phones: top-functioning iPhone- and Windows Phone 7-class phones with a solid ability to set policies on them and restrict users from overriding those policies.
I am not sure who will be first but I can’t wait. Whomever it is, they will produce billions in revenue, billions.
Perhaps what needs to be done is to rely not on the phone development companies but on third parties to develop controls for mobile phones, so a whole gamut of phones can be locked down by central policy. The company would need to build apps for the different phone types and be able to lock those apps down so they cannot be uninstalled by users, or if they are, the phone needs to be auto-wiped at the same time.
It's not horrible that phone development companies are concentrating on the user experience; there are a lot of really great phones being produced. Someone needs to move on the security space around these phones as they continue to infiltrate deeper and deeper into corporate America.
A Software Application Idea
I work in a Windows world, so this idea is from a Windows Server view. Build an application which installs in Active Directory and allows you to register users' phones with their user accounts. On the phones an application is installed which is used to force the policy on the phone. I wonder if there would be issues controlling the password and other security aspects of a phone, meaning, will the manufacturers allow you access to those parts of the phone with their SDKs?
Load the application on the phone, register the phone with AD, and allow the system to lock down the phones based on the policies you have set. As long as the application is found on the phone (plus verification through certificates) the phone may be used to send/receive email, etc.
If the application is removed from the phone, the phone is auto-wiped. This application can also provide encryption services for the phone. PGP-verified emails on your phone, anyone?
This can't be an original idea, but I do like it. It is a great way to allow the phone development companies to concentrate on UX and someone else on enterprise security. Hardware support for this would be useful too.
Tell me what you think of this idea, or if it already exists, point it out to me, I would love to check it out.
The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.
Here’s an excerpt:
A New York City subway train holds 1,200 people. This blog was viewed about 3,900 times in 2011. If it were a NYC subway train, it would take about 3 trips to carry that many people.
After four or so years of using wordpress.com for my blog I finally figured out how to highlight code (prettify) in a blog post.
Thank you to @jasonclevine who sent me a message on Twitter on how to do this.
All you need to do is wrap your code with
[sourcecode language="xxxx"]
[/sourcecode]
There are a bunch of different languages supported and other options which can be defined. You can find all the details here: http://en.support.wordpress.com/code/posting-source-code/
For some time now I have wanted to post to a blog from an email account. Some blog engines these days have this functionality, like WordPress and TypePad. Some through plug-ins and some built in. I have used the WordPress plug-in on a test installation, and it works pretty well. Though WordPress is probably my most preferred blogging engine, most of the time when I am installing blogs, it’s on a Microsoft stack and I am not big on running PHP on Windows. On the Windows stack I really like using Blogengine.NET. I find it to be a very capable blogging engine. The only problem is, at least to date, I have not found a plug-in for it to post by email. What it does support though is XML-RPC.
With the help of the XML-RPC.NET library and a few hours away from the family, I threw together a rough blog posting application.
I added in OpenPop.NET, a POP mail client library I have used in the past, and now have a way to collect emails. Now all I needed to do was tie them all together.
The outcome is Blog by Email (http://blogbyemail.com), an online service for setting up email accounts to post to blogging engines. Besides looking like crap (I am using the generic MVC layout), it is functioning well. I am hoping my buddy will give me a hand coming up with a real design for the site.
The biggest challenge in setting up posting to a blog is figuring out what the XML-RPC entry point is, and what the blogging engine uses for the Blog Id. The blog id is often the name of the blog, but I found that MovableType uses the actual integer value assigned to that blog. It's a bit of a pain to get that value. A cool aspect of MovableType is that it generates a password to use for posting via XML-RPC. A nice security feature.
Speaking of security, to protect the users' entered credentials I am encrypting both usernames and passwords in the database. Also, each user is given a unique key pair when they sign up with the service. Little steps to make it harder to get this information in case someone does hack the application.
If you need to post to your blog from a POP mail email address, give Blog by Email a try. The service is free (at least until it grows to the point where it needs a bigger web server).
While the site is getting off the ground and I get the code stable, registration is closed. There is a form to request an account. I am looking for people to help test the system, so if you are interested please let me know.
Brett
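The email-to-XML-RPC step described above, as an added example that is not the Blog by Email code. It assumes the target engine exposes the MetaWeblog API (`metaWeblog.newPost`, which takes blogid, username, password, post struct, publish), shows why the Blog Id type matters (string name vs. MovableType integer), and refuses a non-HTTPS endpoint because the posting password travels inside the XML in clear text. The sample message is constructed.

```python
import email
import xmlrpc.client
from email.message import Message
from urllib.parse import urlparse

# Constructed sample of what a POP3 client would hand back.
SAMPLE_MAIL = """\
From: author@example.com
To: post-abc123@blogbyemail.example
Subject: Hello from my inbox
Content-Type: text/plain; charset=utf-8

First paragraph of the post.

Second paragraph.
"""


def email_to_post(raw: str) -> dict:
    """Map Subject -> title and the first text/plain part -> description."""
    msg: Message = email.message_from_string(raw)
    body = None
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            charset = part.get_content_charset() or "utf-8"
            body = payload.decode(charset, errors="replace")
            break
    if body is None:
        raise ValueError("no text/plain part to post")
    return {"title": msg.get("Subject", "(untitled)").strip(),
            "description": body.strip()}


def build_new_post(endpoint: str, blog_id, username: str, password: str,
                   post: dict, publish: bool = True) -> bytes:
    """Serialise the metaWeblog.newPost request body (assumed API).

    blog_id is passed through unchanged on purpose: name-based engines
    want a string, MovableType wants its integer id, and XML-RPC encodes
    <string> and <int> differently, so the type has to match the engine.
    """
    if urlparse(endpoint).scheme != "https":
        # The password is a plain <string> in the body; never send over http.
        raise ValueError("XML-RPC endpoint must be https: %s" % endpoint)
    params = (blog_id, username, password, post, publish)
    return xmlrpc.client.dumps(params, methodname="metaWeblog.newPost",
                               allow_none=False).encode("utf-8")


def decode_request(body: bytes):
    """Parse a request body back, the way the server side sees it."""
    params, method = xmlrpc.client.loads(body.decode("utf-8"))
    return method, params
```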
I want to know, how often do you verify file hashes?
Most of us are continuously downloading files from the internet. With many of these files there is a posted hash value to verify the integrity of the file. How often do you actually make sure that the file’s hash value is equal to what is posted?
If you are using Windows there is a really convenient, easy to use program called BD File Hash. This super small, .NET based application will calculate and verify file hashes using the MD5, SHA-1, and SHA-256 algorithms. If there is a different type of hash you require, leave me a comment and I will see if it can be added to the application.
BD File Hash: http://bdfilehash.codeplex.com
BD File Hash has been found 100% malware free by Softpedia.
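The verification step the post asks about, as an added example (not the BD File Hash source): it picks the algorithm from the length of the posted digest (the three algorithms BD File Hash offers), hashes the file in chunks so a large download need not fit in memory, accepts `sha256sum`-style "HASH filename" lines in any case, and compares in constant time. The sample file is constructed in a temporary directory.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, for the three algorithms BD File Hash offers.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}


def file_digest(path: str, algo: str, chunk: int = 1 << 20) -> str:
    """Hex digest of a file, read in 1 MiB chunks."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def normalise(posted: str) -> str:
    """Accept 'HASH  filename' lines, an optional 0x prefix and mixed case."""
    parts = posted.strip().split()
    token = parts[0] if parts else ""
    if token.lower().startswith("0x"):
        token = token[2:]
    token = token.lower()
    if not token or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("posted value is not a hex digest")
    return token


def verify(path: str, posted: str) -> bool:
    """True only when the file's digest equals the posted one."""
    expected = normalise(posted)
    algo = HEX_LEN_TO_ALGO.get(len(expected))
    if algo is None:
        raise ValueError("unsupported digest length %d" % len(expected))
    actual = file_digest(path, algo)
    # compare_digest: constant-time, and it forces both sides to be hex strings
    # of the same length instead of a sloppy '==' on differently cased input.
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Write a constructed 4 KiB file, then check right and wrong hashes."""
    content = b"MZ" + b"\x00" * 4094          # constructed stand-in for a download
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "setup.exe")
        with open(path, "wb") as f:
            f.write(content)
        posted_sha256 = hashlib.sha256(content).hexdigest().upper()
        posted_md5_line = "%s  setup.exe" % hashlib.md5(content).hexdigest()
        return {"good": verify(path, posted_sha256),
                "md5_line": verify(path, posted_md5_line),
                "tampered": verify(path, "0" * 64)}
```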
This is pretty nasty and will surely have a wide impact on home Internet users. I just read about an exploit which has the potential of affecting millions of home Internet users. The exploit affects home routers and will be explained in detail next month at the Black Hat conference in Vegas.
http://blogs.forbes.com/firewall/2010/07/13/millions-of-home-routers-vulnerable-to-web-hack/
http://www.theregister.co.uk/2010/07/19/home_router_hack/
I shouldn’t have to say this, but IF YOU HAVE NOT CHANGED THE DEFAULT PASSWORD ON YOUR HOME ROUTER, DO IT NOW!!!
Don’t think it really matters? Well here is how easy it is to get a list of default passwords.
If you don’t know what to do, call someone who does know what to do. If you don’t know who to call, call me (i.e. leave me a comment) I will be more than happy to help anyone secure their home network.
I have been using Planet SMB hosting for a year or more now, and find them to be an adequate host who give a lot of stuff for the dollar. I wouldn't run a high availability application on them, but then again, I am not doing that, so it all works out. I highly recommend them for any developer who needs a place to showcase stuff and use as a staging site or fee-based hosting site for their clients. To clarify, when I say high availability, I don't complain about them having downtime, because I really don't experience much at all. The issue I do have is wait times: for applications to spin up, and for the Plesk panel, which always seems painfully slow and times out. No phone support, though emails are usually answered in a decent amount of time.
The issue I had with Plesk is that when I set up my domains (I get 5!) an expiration date was set on them. So today at some time they just stopped working! WTF! I know I never set this date; is this some strange default which was set?
I put in a critical ticket to PlanetSMB and it's been 15 minutes with no reply. In this case I figured out what happened, but I still want to see how long it takes to reply to my critical ticket.
UPDATE: So this is cool, I heard from PlanetSMB Support (Mike Eldredge actually, the owner) in 16 minutes with a good answer to my issue. So he was right on it with the critical ticket, Yeah Mike!
Happy Summer! The kids are out of school and already bored. My oldest son though is really into reading this year, I mean REALLY into it. He has probably read 10 books already on summer break.
His school has a reading program for the summer. Basically the students get a star for each day they read more than twenty minutes. My son has been doing much more than that, so I thought it would be great to keep track of it. I am sure, looking back at the list at the end of the summer, he would be pretty impressed by it too.
My first thought was that I would set him up with a blog, and he could type in the books he read on any given day. He and I have done some basic web page building together, so I thought he may get a kick out of this.
So I added a new blog to my account here at WordPress and picked a theme I hoped he didn't think sucked. When I went to add him as a contributor to the blog I discovered he needed an email address to do that. Hmm….
Well, I have thought about setting him up with an email address in the past, but never did it as there was really no reason and he is only eight. So I went to Comcast to set him up with a family account. They didn't have the name I wanted, damn. Well, I found one close enough and went with that. At least Comcast has some parental controls; I'll have to look deeper into that.
I set him up with a WordPress account and went there to log him in. When I logged in with his account to verify everything I was greeted with a page of many, many blogs. Well, this is not good; he doesn't need to be exposed to this, too young yet, too dangerous.
Going to the next level
As I pondered this in a background process it hit me: what about setting up a new domain and hosting the stuff myself!? I checked at GoDaddy and shit, the domain is available, excellent.
$10.67 / year for the domain, not so bad. $9.99 for privacy, what! That's a bit outside. Then it hit me again: Dreamhost. Dreamhost has a free domain with a paid subscription and I never used it, perfect. Off to Dreamhost…
I was able to create and host the domain on my current account and loaded up a WordPress blog in about 10 seconds. Added an email address and we are ready to go in a more "controlled" environment.
So a simple idea has bloomed into a fully hosted domain with private emails and sites, all for an eight year-old. I am the Tim Allen of the Internet!
So my son and I went over some of the stuff I put together and he is pretty interested in it all. As expected he is a bit overwhelmed. That's OK, we'll take it a step at a time in whatever direction interests him most.
The goal of this document is to walk through the installation of a MoinMoin wiki without getting bogged down in any details. We'll go through requirements, decisions, and steps to complete, that's all. (OK, I did end up indicating what directories are added; I can't stand when stuff is added I don't know about.) I will follow up this post with the details for those who are interested. Once you have completed the steps herein you will have a working MoinMoin wiki on your Dreamhost.com shared hosting account. By no means is this the only way to set up MoinMoin on an account, or even the best way, but I tested it and it will work. Let's get to it!
Requirements
- Dreamhost shared hosting account.
- A domain setup as fully hosted
- Shell and FTP access to the domain account
Assumptions
- Dreamhost running python version 2.4
- MoinMoin version 1.8.5
- Understanding of editing files from Linux shell
- acctname is the account name you used to access your domain account through ssh and FTPS.
- ~/ = $HOME = /home/acctname/
Decisions
- URL to run wiki from (we use sub directory) [We will use: http://hosteddomain/wiki]
- Private name for the wiki’s instance name [We will use: dhwiki]
Steps
- Download MoinMoin wiki tarball from http://moinmo.in/MoinMoinDownload (moin-1.8.5.tar.gz) to your local workstation.
- From FTP: upload file to Dreamhost into folder ~/files [/home/acctname/files]
** All commands from now on are from your shell access **
- cd ~/files
- tar -xvzf ~/files/moin-1.8.5.tar.gz [new directory is created: ~/files/moin-1.8.5]
- cd ~/files/moin-1.8.5
- python setup.py --quiet install --prefix=$HOME --record=install.log [two directories created: ~/share/moin; ~/lib/python2.4/site-packages/MoinMoin]
- Set up environment variables:
- export PREFIX=$HOME
- export SHARE=$PREFIX/share/moin
- export WIKILOC=$SHARE
- export INSTANCE=dhwiki
- cd $WIKILOC
- mkdir $INSTANCE
- cp -R $SHARE/data $INSTANCE
- cp -R $SHARE/underlay $INSTANCE
- cp $SHARE/config/wikiconfig.py $INSTANCE
- chmod -R o+rwX $INSTANCE
- Edit file $INSTANCE/wikiconfig.py. Find and change the following lines:
- sitename = u'Your Wiki Title'
- logo_string = u'<img src="/wiki/common/moinmoin.png" alt="MoinMoin Logo">'
- Remove the hash (#) in front of: page_front_page = u"FrontPage"
- data_dir = '/home/acctname/share/moin/dhwiki/data/'
- data_underlay_dir = '/home/acctname/share/moin/dhwiki/underlay/'
- url_prefix_static = '/wiki' [remove the # from this line]
- mail_smarthost = "dreamhost smtp server"
- cd ~/hosteddomain
- cp -R $SHARE/htdocs wiki
- chmod -R a+rX wiki
- cd wiki
- mkdir ./cgi-bin
- cp $SHARE/server/moin.cgi ./cgi-bin
- chmod -R a+rx ./cgi-bin
- cd ./cgi-bin
- Edit file moin.cgi. Find and change the following lines. Please remove the # if it exists on THESE lines (both paths must be absolute, i.e. start with a /):
- sys.path.insert(0, '/home/acctname/lib/python2.4/site-packages')
- sys.path.insert(0, '/home/acctname/share/moin/dhwiki')
- cd ..
- Edit file index.html. Find and change the following lines:
- <meta http-equiv="refresh" content="0; URL=cgi-bin/moin.cgi/">
- Click <a href="cgi-bin/moin.cgi">here</a> to get to the FrontPage
- Go to your favorite browser and enter your wiki's domain: http://hosteddomain/wiki
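The two file edits in the steps above (wikiconfig.py and moin.cgi), as an added example that is not part of MoinMoin or this post. It rewrites the seven wikiconfig.py settings and the two sys.path lines for a given account name and instance, uncomments lines where needed, fails loudly if a setting is not found, and rejects a relative site-packages path (a missing leading slash silently breaks the MoinMoin import). The two input texts are constructed stand-ins for the 1.8.5 files, not copies of them.

```python
import re

# Constructed stand-in for the shipped wikiconfig.py (not the real file).
SAMPLE_WIKICONFIG = """\
class Config(multiconfig.DefaultConfig):
    sitename = u'Untitled Wiki'
    logo_string = u'<img src="%s/common/moinmoin.png" alt="MoinMoin Logo">' % url_prefix_static
    #page_front_page = u"FrontPage"
    data_dir = os.path.join(instance_dir, 'data', '')
    data_underlay_dir = os.path.join(instance_dir, 'underlay', '')
    #url_prefix_static = '/moin_static185'
    mail_smarthost = "localhost"
"""

# Constructed stand-in for the shipped moin.cgi (not the real file).
SAMPLE_MOIN_CGI = """\
import sys, os
#sys.path.insert(0, '/path/to/moin/lib/python2.3/site-packages')
#sys.path.insert(0, '/path/to/wikiconfigdir')
from MoinMoin.server.server_cgi import CgiConfig, run
"""


def wiki_settings(acctname: str, instance: str, title: str, smtp: str) -> dict:
    """The values the post tells you to set, keyed by config name."""
    base = "/home/%s/share/moin/%s" % (acctname, instance)
    return {
        "sitename": "u'%s'" % title,
        "logo_string": "u'<img src=\"/wiki/common/moinmoin.png\" alt=\"MoinMoin Logo\">'",
        "page_front_page": 'u"FrontPage"',
        "data_dir": "'%s/data/'" % base,
        "data_underlay_dir": "'%s/underlay/'" % base,
        "url_prefix_static": "'/wiki'",
        "mail_smarthost": '"%s"' % smtp,
    }


def patch_wikiconfig(text: str, settings: dict) -> str:
    """Replace (and uncomment) each setting line, keeping its indentation."""
    out, seen = [], set()
    for line in text.splitlines():
        m = re.match(r"^(\s*)#?\s*(\w+)\s*=", line)
        if m and m.group(2) in settings:
            key = m.group(2)
            line = "%s%s = %s" % (m.group(1), key, settings[key])
            seen.add(key)
        out.append(line)
    missing = set(settings) - seen
    if missing:
        raise ValueError("settings not found: %s" % sorted(missing))
    return "\n".join(out) + "\n"


def patch_moin_cgi(text: str, site_packages: str, instance_dir: str) -> str:
    """Point the two sys.path.insert lines at absolute paths, uncommented."""
    paths = [site_packages, instance_dir]
    for p in paths:
        if not p.startswith("/"):  # catches 'home/acctname/...' typos
            raise ValueError("sys.path entry must be absolute: %s" % p)
    out, n = [], 0
    for line in text.splitlines():
        if n < 2 and re.match(r"^\s*#?\s*sys\.path\.insert\(0,", line):
            line = "sys.path.insert(0, %r)" % paths[n]
            n += 1
        out.append(line)
    if n != 2:
        raise ValueError("expected two sys.path.insert lines, found %d" % n)
    return "\n".join(out) + "\n"
```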
Use these instructions at your own risk. I extend no warranties or guarantees about the accuracy or safety of your data or website.
These instructions were tested by building the following wiki: http://MMonDH.brettski.com/wiki
All comments are welcome
References Used
- http://master.moinmo.in/MoinMoin/InstallDocs#basic-install
- http://www.wombatnation.com/misc/installMoinMoinDreamHost.html
Revision Information
- 11/21/2009
- Initial post after successfully building a wiki following exact steps
| Date | Time | From | To | Message |
| --- | --- | --- | --- | --- |
| | | | | Is this a negotiation, or are you just not interested? I am spending about 40k a month right now on consultants, so I have plenty of money to spend. Culture, to me it's directly impacted by budget and resources. At the time that we spoke my budget wasn't nearly as high as it is right now. If you are talking about working evenings, you do that already. |
| 11/20/2009 | 8:11:16 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | When we first spoke, I was under the impression you were no longer available after 6:00. You underpromised, so you could over deliver. I found out later that you were one of the hardest working guys that I know. |
| 11/20/2009 | 8:13:30 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | Maybe you don't want to work that hard, which is why it became an issue for you when I was pressing it. When I interview people, I always try and understand where their comfort levels are so I understand their boundaries. The way I saw it is you wanted to have dinner with your family and got back on the computer later. Here is what I would ask for you to do. |
| 11/20/2009 | 8:15:12 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | Look at your last month, and figure how many hours you really worked. Was it 40-50? 50-55? or +55 hours per week? I am interested in knowing because I am guessing you're somewhere between 50-55. |
| 11/20/2009 | 8:18:46 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | When we were in our discussions, you were giving me the perception that it could cause a problem for you at home if you were going to have to put in over 45 hours. What I really think is if you could make $110,000 in a 50 hour work week, or you could make $150,000 in a 60 hour work week, I think you would probably work 60. And then figure how you could get it down to 55... and then 52... |
| 11/20/2009 | 8:21:25 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | And at the same time you were doing that, you would get me from 65 to 58, and 58 to 52, and so on. So at the end of the day, it really comes down to how much my time is worth as well as your time. Which is something you might not be taking into consideration when you limit your opportunities and not discussing this further. |
| 11/20/2009 | 8:23:43 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | Currently, I have 3 consultants I am paying 170,000 and they are not as smart as you are. They are down the street and you were down the block. At a certain point, I am sure you can understand that I can only afford to spend so much time in IT. I am ready to discuss dollars if you are. I am willing to discuss the boundaries, or we can not discuss it at all. |
| 11/20/2009 | 8:24:56 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | Hopefully you at least know where I am coming from. Bottom line, I am sitting here writing big checks saying to myself: Would I be writing checks this big and having to invest the time if Brett were here? |
| 11/20/2009 | 8:27:22 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | I don't mind writing the checks, what I mind is when I have to write the checks and still put in the time. You asked me what my commitment to you would be. If we were to do something, I told you I would give you a year of 60 hours a week of helping you acclimate yourself to our company. That's a big investment of my time. I appreciated the question because no one had ever asked me before. |
| 11/20/2009 | 8:29:59 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | So here is what you have to ask yourself... Do I want to pass on the biggest financial opportunity of my life without going to see this man? The question I would ask you is, why would you want to limit your opportunities? |
| 11/20/2009 | 8:34:35 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | The only thing I can think of is that you would be afraid of the industry, maybe that you were getting dragged into the deep end of the pool, giving up a job that I like that I am currently doing. Also, I did hire a senior level programmer for more money than you were asking for when you were interviewing and I am willing to pay him. Because I see how much value he brings me. |
| 11/20/2009 | 8:35:27 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | I guess the question I would ask you is would you be willing to work with a programmer that makes more money than you did if he had the talent? |
| 11/20/2009 | 8:38:26 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | We have an aggressive agenda, I am looking to bring in top guys to make my life easier. I think you would be a good fit. Talent costs money, I realize that. Something to consider, the banks are looking to change the comp plans for the Loan Officers and cut what they pay the Loan Officers by 50% of what they pay now. They are doing this as a result of the pressure they are getting from the gov |
| 11/20/2009 | 8:39:50 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | The insurance companies that own mortgage companies are following suit. Which means that we have hundreds of people who are looking at our company as a result of massive pay cuts across the industry, which we are not participating in doing. |
| 11/20/2009 | 8:41:18 PM | mikeg1@ephmc.com (E-mail address not verified) | Brettski *red+u | I know you have been looking for that 1 opportunity that you could capitalize on. Maybe this is it? Is it really that far from the realm of possibility? |

