The Art of Deception by Kevin Mitnick

Over the last few months I’ve started a lot of books. There is so much interesting reading out there that between the usual blogs that I read, the effort I’m spending learning Ruby on Rails, and the interesting books I run across in my usual ritual of trolling book stores, I’m finding it hard to focus on a book from start to finish. I think the only ones I’ve been able to read completely over the past few months have been Fight Club, Practical Subversion, Second Edition (reviewed early last week), and today’s pick, The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick and William L. Simon.

It is rare that a book conjures up such paranoia in me. The book is described on the back cover like this:

The world’s most celebrated hacker delivers the lowdown on today’s most serious security weakness – Human Nature.

Boy does he ever.

When one thinks of computer security, one normally thinks about things like closing unnecessary services and ports on your systems, using strong passwords, and so on. These technical controls are necessary, but they are not sufficient, because the people who surround the technology can be talked into undoing all of them.

Mitnick and Simon do an excellent job of walking you through extremely realistic social engineering scenarios and making you realize that basic pieces of human nature, like sincerely wanting to help others, fear of crossing someone in a position of authority, or just plain carelessness, can open up your systems to security breaches no matter how good a handle you have on the technical side of security in your company.

Each scenario is followed by a section called “Analyzing the Con”, where they explain, in detail, the factors that contribute to the scenario being played out and your systems being compromised. There is a lot of interesting information in these analyses that you may not have thought of before.

The last chapter of the book gives you approximately 70 pages of recommended corporate information security policies. This chapter was excellent, explaining the different policies you can enact and, more importantly – and something you don’t get very often from corporate security – the reasons WHY they are important to implement.

For me, this book was a total eye opener. It is sobering to think about how much information that seems unimportant at the time can be “leaked” in a conversation and then pieced together later on for the purpose of compromising a computer system or a business.

If nothing else, this book will definitely make you think about the next conversation you have with someone. It shows you the dark side of human nature, where people can seem completely sincere in their interactions with you but deep down have only one objective: to get information. It also illustrates the effort people will put into assembling a con, with so much detail and over such a length of time, that the individual interactions seem innocuous but in the end compromise your systems’ security.

This book is a must read for everyone even peripherally related to IT. Let me rephrase that. This book is a must read for everyone who has even remote contact with people. It’s extremely informative and engaging – so much so that I could hardly put it down.

I’ve already recommended this book to numerous people at work and will be putting it on the required reading list for this year for my teams. It’s an area of computer security that is often overlooked and I’m glad to see it covered in such detail – and in a very non-technical way. Anyone can relate to the content in this book.

Do yourself a favor. Take the time to pick this one up and read the whole thing. I can guarantee, no matter what your role, you will get something useful out of this book.

The “Official” Christmas Wrap Up

Well, Christmas is over. We finally had the “official” gift exchange with the boys when they got back from their father’s house at about 10 a.m.

I received Black Label Society – The European Invasion-Doom Troopin – Live DVD from Andy and an iTunes gift card and some damn comfortable slippers from Jake. The perfect gifts. I’m not really the “slipper” type, but I have to say, I’m digging them.

Andy received a digital camera and a Flickr Pro account, along with Call of Duty 3 for the PS2 and some other miscellaneous items like a pedometer and an MP3 holder for when he goes running.

Jonna received a gift basket containing chocolate, cheese, crackers and the like, along with a bottle of her favorite wine from the boys.

Christmas Morning - Jake Gets a Car

Jake received his first car. He’s had his permit for quite some time, but Jonna drives a rather large Suburban that’s pretty hard to learn to drive in, and with my commute I’m rarely in the mood to take him driving in the Jeep after I get home from work. We figured that the car would serve a few purposes – give Jake something he could actually drive comfortably, teach him some responsibility by paying for half of it (treating his half as a car loan from us), and give him transport to and from work.

Jonna went through a lot to ensure that the gift was presented in a way to maximize the surprise factor for Jake when he opened it. She created a fake video game case, in which she wrapped the car key. The boys are used to getting video games for Christmas, and Jake is a game freak that knows just about every game on the market. I’m not sure what moment was cooler, watching him try to figure out what this game was that he had never heard of, or when he opened up the case to find the car key – and then tried to figure out what the key meant.

We went to great lengths over the last month or so to absolutely convince him that there was no way a sixteen year old would be getting a car for Christmas (he’s asked a lot), so I think the fact that he actually got one was a genuine surprise.

Overall, Christmas this year was quite successful. Each of us got a few things that were important to us and it wasn’t completely overdone. From the car perspective, it was more of a practical decision than anything else – and it went over really well.

The one regret that I have about this year’s festivities is that Jonna and I decided not to buy for each other this year. I love giving her gifts (though I have a hard time finding things that really mean something), so for me not having that this year was a bit of a disappointment. However, we did do a lot of focusing on the kids and when it comes right down to it, that’s really what Christmas is all about – isn’t it?

An Early Christmas

For the last sixteen years, we have normally split Christmas with Kelsi: Christmas Eve for Dad, and Christmas Day for Mom. This has worked out very well for us over the years.

This year was a little different. Kelsi is involved in marching band and her schedule is impacted by football and basketball games that she has to play at. We also, over the past 5 years or so, have lived about an hour away from each other, which makes drive time an issue for both Mom and Dad.

One thing I never realized until Kelsi started band is that the schools are on completely different break schedules. This isn’t too much of an issue until Kelsi goes on break, during which she normally spends about a week with us. This year, the difference in breaks meant she had a game during her Christmas break that she had to go home early for – so we celebrated with Kelsi on the 22nd, exchanging gifts with her.

I would be really interested in the statistics around kids who actually live with both of their parents these days. It seems to me that most of the kids that I run into are children of divorced parents. Schools should really look at that, as the scheduling that goes on makes it really difficult for these kids to spend time with their non-custodial parents (especially when they live an hour away).

But I digress …

Our family has reached one of those really interesting stages where everyone is very hard to buy for. We all pretty much have the things we “need” and we don’t really have a lot of wants that are practical enough for Christmas presents, so many of this year’s gifts were cool ones that addressed things that each of us like, but nothing fancy. The highlight for me was getting a framed picture from Kelsi of one of her entries for her photography class. I can’t tell you how cool it is to get a gift from your child that is actually the fruit of a class where they are doing something they really love. The picture is of a church in Chicago (you can see it on her Flickr page).

She also picked up a book for me called Quintessential Tarantino: The Films of Quentin Tarantino by Edwin Page. I’ve been a Tarantino fan for years, so a gift like this was something that hit a total sweet spot for me. The book explains Tarantino’s work and highlights the methods he uses in his writing and directing. It also highlights the many similar vehicles he uses across movies that link them up. Very cool gift.

For Jonna, Kelsi presented The Office Season One and Season Two.

The boys received DVD sets of their favorite shows, along with a couple of vinyl albums for Jacob, who, along with Kelsi, for some reason prefers albums over MP3s. Go figure!

Kelsi received the following from Jonna and Dad for her combined Birthday / Christmas gifts:

We’re entering into a weird stage in our lives. Our kids are getting older and have their own things going on. Even though we all just took an hour to exchange gifts on Friday, it was still a great time to have everyone together focused on giving to each other.

Of course, there are pictures available in the photo album.

Denying Spammers

I’ve been having a real problem with the site being hit hard by spammers lately. Consequently, I have turned comments off on most of the articles on the site at this point.

Thanks to Spam Karma 2 and Akismet, none of the comment spam actually made it onto the blog. I was pretty amazed at how thoroughly these two pieces of software have filtered the incoming comments.

However, the comments not making it onto the blog doesn’t mean that the spammers haven’t done any real damage. Twice now I’ve come home to find my comments disabled by my provider, due to what was basically a denial-of-service attack being executed on the site by these morons.

I found a great page at the WordPress Codex on Combating Comment Spam. I would encourage anyone currently dealing with this problem to check out that page. I will be implementing some of these ideas one by one over the coming weeks to see how much they help.

I’ll let you know of the success I have. In the meantime, if you aren’t running Spam Karma, I would encourage you to go take a look at it and its corresponding Akismet plugin. The combination of both has been highly effective in this corner of the web.
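The point buried in this post is worth making explicit: a content filter like Akismet or Spam Karma only decides what gets published, and it runs after the web server has already accepted and processed the POST. A flood of spam submissions therefore still consumes the hosting account’s resources even when none of it reaches the blog, which is why the provider pulled the plug on comments. The check a practitioner wants is to watch the access log for sources hammering the comment endpoint and block them at the edge before PHP runs. The script below is an added example, not code from the original post or from WordPress; it assumes Apache-style "combined" access-log lines, WordPress’s comment handler path /wp-comments-post.php, and constructed sample log lines, and it flags any source IP that exceeds a sliding-window limit of comment POSTs.

```python
"""Flag source IPs that flood the WordPress comment endpoint.

Added example, not part of the original post. Assumes Apache/nginx
"combined" access-log format and WordPress's comment handler path
/wp-comments-post.php; all sample log lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# One "combined" log line: ip ident user [timestamp] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
COMMENT_PATH = "/wp-comments-post.php"


def parse_line(line):
    """Return a dict for a recognised log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def flooding_ips(lines, path=COMMENT_PATH, limit=5, window_s=60):
    """Return {ip: peak_count} for every IP that made more than `limit`
    POSTs to `path` inside any `window_s`-second sliding window.

    Assumes the log is in chronological order, as access logs are.
    """
    recent = defaultdict(deque)  # ip -> timestamps of POSTs still in the window
    offenders = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != path:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that have aged out of the window.
        while q and (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > limit:
            offenders[rec["ip"]] = max(offenders.get(rec["ip"], 0), len(q))
    return offenders


def htaccess_deny(offenders):
    """Render Apache 2.2-style .htaccess deny lines for the flagged IPs,
    so the block happens before WordPress (and its spam filters) ever run."""
    return [f"Deny from {ip}" for ip in sorted(offenders)]


def _line(ip, ts, method, path, status=200):
    # Helper to build constructed sample lines in combined format.
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'


# Constructed sample: one ordinary reader, one spammer firing eight comment
# POSTs in 35 seconds, and one slow but legitimate repeat commenter.
SAMPLE_LOG = (
    [
        _line("198.51.100.4", "18/Dec/2006:14:00:01 -0600", "GET", "/2006/12/denying-spammers/"),
        _line("198.51.100.4", "18/Dec/2006:14:02:15 -0600", "POST", COMMENT_PATH, 302),
    ]
    + [
        _line("203.0.113.7", f"18/Dec/2006:14:05:{sec:02d} -0600", "POST", COMMENT_PATH, 302)
        for sec in range(0, 40, 5)
    ]
    + [
        _line("192.0.2.9", f"18/Dec/2006:14:{minute:02d}:00 -0600", "POST", COMMENT_PATH, 302)
        for minute in (10, 13, 16)
    ]
)

if __name__ == "__main__":
    flagged = flooding_ips(SAMPLE_LOG)
    print(flagged)  # {'203.0.113.7': 8}
    print("\n".join(htaccess_deny(flagged)))
```

The threshold and window are knobs: five real comments a minute from one address is already implausible on a personal blog, while the three-posts-in-six-minutes commenter stays unflagged at the defaults. Whatever the numbers, the deny rule belongs in the web server (or the provider’s firewall), since a rule enforced inside WordPress would still let every spam POST spin up PHP and the database.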

Practical Subversion – Second Edition

I received a free copy of Practical Subversion, Second Edition by Daniel Berlin and Garrett Rooney on Friday from their publishers, Apress.

I had reviewed the first edition before it was released and had found it to be an excellent companion to “Version Control with Subversion” (C. Michael Pilato, Ben Collins-Sussman, Brian W. Fitzpatrick), mostly due to its coverage of the Subversion APIs – which I had not seen covered in any real depth in any other book.

I have to say, the authors have outdone themselves with the Second Edition. The book is extremely well written for varying levels of Subversion experience. The beginner will find a very easy-to-understand introduction to using Subversion in the first two chapters: a really great tutorial on how to use the tool, along with explanations of many of the concepts embodied in its implementation, such as locking vs. non-locking systems, properties (from file properties to revision properties), the basic workflow involved in using version control, and how to use the various commands, from checking out to using svn blame (or ‘praise’, which I learned from the book is an alias for the command) to find the origin of a change.

That’s just the first two chapters. As the book goes on, the reader will learn about repository administration, the differences between the BDB and FSFS repository back ends, using Apache and Apache modules to squeeze additional functionality into the system, migrating from other version control systems such as CVS and Perforce, and third-party tools that work with Subversion (such as ViewVC, Emacs, etc.). The book also covers maintaining vendor branches, and contains a very good chapter on Version Control Best Practices. You then have, from my memory anyway, a greatly expanded chapter on using the Subversion API.

Practical Subversion, Second Edition does a really good job of covering information at many skill levels in an extremely accessible way. This book will definitely be one of those that I would put on the shelf at work as we continue to move people into more advanced roles in the management of our repositories – as there’s really nothing the book doesn’t cover.

I’ve been a user of Subversion for a very long time (I think I started around version 0.19 or so) and as I perused the book last night I walked away with some new distinctions about how we were using the tool and changes I could make to make administration and maintenance easier. That says a lot.

Congratulations to Garrett and Daniel on a fine piece of work. Hopefully the next edition will cover some of the newer features of 1.4, specifically the svnsync tool.

Fight Club by Chuck Palahniuk

I just finished reading Fight Club by Chuck Palahniuk.

I remember the first time I had watched the movie. I never actually wanted to see it. Jonna had run across it by chance and told me that I HAD to watch it – that it was a movie right up my alley and that I would love it.

I remember not really believing that it was something I wanted to see but I watched it anyway. The movie blew me away. I thought it was brilliantly written and brilliantly acted. I was completely impressed.

I bought the DVD soon after that and have watched it numerous times since then – always saying to myself “I definitely have to read this book sometime”.

Well, Jake wound up buying the book for some reason and after he read it, handed it to me and said I just HAD to read the book. So finally, I read it.

The book is absolutely brilliant. More than that, overall the movie stuck pretty close to it, something I was very glad to see. The one thing that I hate the most is when you read a book to find that the movie makers completely trashed it. This one made it through the movie-making process pretty well intact.

If you liked the movie, you will absolutely love the book. The writing style is extremely disjointed – just like the movie. You actually feel like you are on a ride through one man’s complete mental breakdown.

While the movie did a fairly good job of exposing you to the main character’s inner dialog, there is nothing that compares to actually reading it for yourself.

I will say, it’s pretty difficult to read the book and not hear Ed Norton’s voice as the narrator. Then again, he had the perfect voice for it.

If you liked the movie, you will absolutely love the book. On a scale from one to five – I give it a ten. It’s that good.

Mac Software I’m Finding Useful

I thought I’d take some time to sit down and document the tools I’ve been using lately as I continue my acclimation to the Macintosh world. These are tools that I’ve found really useful over the last six months or so.

  • The Camino Browser – hands down the best browser I’ve found for the Mac so far. It’s my default browser.
  • Ecto – Mac-native application for writing blog entries and posting them to your blog. Supports Blogger, Blojsom, Drupal, MovableType, Nucleus, TypePad, and WordPress, among others. Doug referred to MarsEdit as another alternative, but Ecto fits the bill for me perfectly. It includes a spell checker, Amazon Web Services integration, templates, and preview – really everything you would want in an offline authoring tool.
  • Vienna Newsreader – Vienna is an open source RSS reader for the Macintosh. It is quite comparable to FeedDemon, which I used on Windows, but I like it a lot better. This tool has become one of the things I use daily in order to keep up with things.
  • Snap N Drag – Screen capture utility I mentioned in previous posts. I use this all the time as well. Excellent tool.
  • BBEdit 8.5 – BBEdit is an HTML editor for the Macintosh platform. It’s the only thing I’ve found comparable to HomeSite for the Macintosh. I’m using a trial version of this application right now, but there is a good chance that when the 30-day trial ends, I’ll be buying a copy. It makes HTML authoring a hell of a lot easier than Emacs.
  • UberCaster – This is podcasting software. I have a license for it, but I haven’t had the time to muck about with it. By far the easiest podcasting software I’ve seen so far for the Macintosh. The software is currently in beta.

Some additional software I’m looking at that looks useful, but I don’t have need for it yet:

  • Xyle Scope – CSS exploration tool. I’ve messed around with this a bit and it looks really interesting. I haven’t found another tool like it so far. Allows you to explore CSS and how the styles are resolved on your page.

I’m still looking for good image editing software that doesn’t cost a bajillion dollars (like Photoshop) and doesn’t require X11 to be installed. If anyone has any suggestions, I’d be happy to hear them.

Home IT Check List Status – The Vacation Posts

I thought I’d give a small update on my Home IT duties that were pending at the time yesterday’s post went up:

  • Upgrading the Kids’ Memory – It turns out that the machine they have, an HP Pavilion 700 series, is maxed out at the current 512 MB. Bummer.
  • Recovery Disks for Windows XP machine – I got all of my data centralized into one place on the Windows machine – ready to burn to DVD – when I realized that I don’t have a DVD writer on the laptop. Once I realized I’d have to burn 4-5 CDs’ worth of stuff, I abandoned the idea of rebuilding the machine for the evening. Since the weather is so beautiful today (hey, at least it’s not snow), perhaps I’ll do it later in the day. I’m currently copying everything up to the Linux box, from which it can be migrated to the Mac and a DVD burned with all the data.
  • 80G hard drive swap – Taking the main server down takes down DNS and external access to the internet – things needed for things like homework – so I didn’t complete this either.
  • Setting up the network printer upstairs – This also has to be done today, since the connection was eaten all day yesterday.

All in all, yesterday was pretty productive. I was a tad disappointed that the Pavilion wouldn’t take any more memory, but overall I got a lot of things done that have been waiting for quite some time in the queue.

I also got an unexpected treat. Back in August I had thrown a link in my del.icio.us links about Bryce, a 3D rendering program, being released for free for a limited time. I had downloaded it back then but had never done anything with it. I used to love this program back in the day and would spend hours playing with it. I’m not really the artistic type, as I tend to get extremely frustrated when I try to do anything even remotely resembling “art”, but I loved that program.

Last night I was able to expose Jake to it, which was pretty cool. He loved it and spent some time playing around with it starting with a base landscape that I threw together just to show him what it could do. I found it extremely cool to share something like this with him from back in the day that he was actually interested in seeing. For me, it was cool to play around with an old friend again and to share it with one of the kids and actually have them find it interesting. Those moments come few and far between as the kids get older.

I’ll end this with the final rendering of what Jake was working on last night, while I go check my file copies from the Windows box.

Jake Plays with Bryce

Our First Day of Vacation

This is the first year since we’ve been married that Jonna and I are both in IT. This week marks the first available time that we’ve had to take vacation this year. Unfortunately, she had to work.

I figured I might as well catch up on some of my “Home IT” duties that I’ve been neglecting for a while, so after sleeping late and missing giving the kids a hard time for having to go to school while we sat around being lazy on vacation all day, I started taking care of the ol’ network here at the Labs.

Here’s the list of what I have done so far:

  • Andy has been dependent on Jonna’s laptop to pull music onto his Creative Zen Sleek MP3 player for a number of months. He had some troubles getting the software installed on the kids’ machine. This, of course, involved installing five bajillion XP patches and Media Player 10 before I could even get to the point of installing the drivers for the player. While I was at it, I figured I might as well install IE7 as well. I finally got both the MP3 player and Napster working. I know this because I verified it by loading a few Steve Vai songs on it for him. Let’s see how long it takes him to notice. 😉
  • Performed a complete virus scan of the kids’ computer. Thankfully, it’s clean.
  • Running, I think for the first time, a defrag on the kids’ computer. It’s run 3 hours so far and is only 1/3 done.
  • Began rsync backups of the Linux server to the Western Digital WDG1U2500 My Book 250 GB Hard Drive I bought over a month ago for just this purpose.
  • Cleaned out my Google Mail inbox of all junk mail (as long as I could handle that tedium, anyway)
  • Actually cleaned off my desk (well, the working area anyway). There’s still a lot of work to do here, but I can at least say I started. That’s got to be worth a few “husband points”.

On the list for later:

  • Buy another 512 MB for the kids’ machine, bringing them up to 1 GB. Just doing routine maintenance on their machine annoyed me. 512 MB just isn’t enough to run Windows anymore.
  • Create recovery disks for the Gateway Windows XP machine and back up the data to DVD so that I can rebuild it and get the boot time down a tad from the 10 minutes it takes now. I want to start using it for things I don’t want to use the Mac for (like running The Gimp).
  • Swap an 80G hard drive out of a machine just retired here at the Labs into the Linux server
  • Set the kids’ machine up to print to the network printer (would have done this earlier, but the machine was unhooked so that Jonna could plug her two laptops into the network)
  • Buy a tarp to cover the furniture on the patio

Sure, it may not sound too relaxing, but it’s stuff that has needed to get done for a long time. I think the payoff will be not having all of this hanging over my head the rest of the week.