Seth Godin’s take on bacn, the spam you get from social networking sites to let you know that somebody has replied to your comment.

Living with 3 socially-aware people (read: girls) aged 10 to 37, I have a simple solution:  procmail rules to kill all the MySpace/Facebook/$FooSpace notifications on my server so the 200+ pieces of mail never make it to the /dev/null inbox. =)

Word to social networking sites:  put the entire content of the response in the email that way users can decide if it’s worth their time to respond or if it’s just somebody saying “OMFG me 2 gf LOL”.  Your users shouldn’t have to go to your website to read every one of these.

And hats off to the Word Press blog  software–it does put the text of a blog comment into the email notification along with the link to moderate.  That’s the way things are supposed to be.

• Targeted Spam
• A Day in the Life of the Feedmaster
• Omigod, I’m Part of a Botnet?!?!?!
• Server Upgrades
• Realistic NSTIC

I spent a couple of hours today mucking around with Debian and WPA.  Yeah, yeah, you’re all thinking it’s about time I did something instead of bloviate about FISMA. =)

Anyway, I found the best resource on “The One True Debian Way” (TM) to set up WPA.  I gave myself a roaming setup using wpa_supplicant.conf

This is especially important to me now that I’m going out in areas with a ton of wifi interference–I need to be able to intelligently select which AP I’m connecting to since the neighbors have wide-open wifi that is much too easy to associate with.

• How I Became the Owner of Two Rogue WiFi APs
• Blow-By-Blow Commentary
• Stress-Test Apache with Intent to Tune: BSOFH Tip for the Software Masochist
• Assessment Cases for 800-53A Are Available
• Hack Disaster Relief

Yes, I know we’re all security dweebs, but the videos for the Aspen Summit are up. Think IT industry visionaries. Think future of privacy. Think online child protection. Think technology meets the US Constitution.

It’s good watching. Many thanks to the Technology Liberation Front.

My other video obsession is TED, but you probably know about that already.

• Realistic NSTIC
• A Day in the Life of the Feedmaster
• A Little Story About a Tool Named #RefRef
• Government-Wide Monitoring? ‘Bout Time.
• Metasploit Videos

So far I’ve been avoiding mentioning his now-infamous Vista 6-Month Vulnerability Report blog posting because well, it doesn’t really matter to me what he thinks, and any boss that makes a decision solely on this study needs to have a visit from the giant foam cluebat.   =)

But it’s been over a month–the post was published June 21st–and he’s still getting half a dozen comments per day.  I have to respect anybody that can harness that much hate in such a short period of time and still keep coming to work every day.

• Introducing the NoVa InfoSec Portal
• Friday Subversive Music–Nina Hagen
• Does Good, Cheap Colocation Still Exist?
• Targeted Spam
• Turning Routers into Firewalls

Yesterday I got a hasty call from Jon D about my server. He had checked out my blog from work and within an hour got a call from a Symantec SOC that he was looking at a web page that was part of a botnet.

So he called me.

Back 4 years ago I had set up an IRC network for a friend, including my server as one of the nodes. Over time the network died, as they do, and when I moved the server a couple of times over the course of several years, the ircd didn’t come back up.  The ircd.conf didn’t match up with the network interfaces on the box, so ircd would croak every time it tried to start up.

Well, I guess the last server move did something that the ircd did like because it came back up and stayed up.  Bah, that’s resiliency in action for you, kids.

When I got the call from Jon I knew exactly what it was.  It took about 2 minutes to ssh in,verify that there were 8 dirtballs squatting on my server, kill the ircd, and kill the line in crontab that restarts the server if/when it dies.  Problem solved, now back to playing zombie hack-n-slash games.

In an OS sense, there wasn’t a compromise or anything, just the greasies using the application like it was intended to be used, only with a different intent.

• Life Behind “The Great Big NAT in the Sky”
• Rybolov is Dead, Long Live Rybolov
• Downtime
• Turning Routers into Firewalls
• Stress-Test Apache with Intent to Tune: BSOFH Tip for the Software Masochist

No, I’m not talking about the guy at your local automotive garage co-op that signs out wrenches. What I mean is something similar to what a project manager would recognize as scope creep.

Imagine the scenario: You’re a managed service provider and have a variety of tools to do the following things:

• Monitor servers
• Monitor network devices
• Archive/review logs
• Automatically generate trouble tickets
• Manage NIDS
• Manage HIDS

And then along comes a client request out of the blue that surprises you. Say, for instance, they want to generate an automatic feed for an asset management system. It’s a great idea, but you don’t have a tool that can do it, then you end up buying something new.

Normally this is a problem for the typical IT shop. For a Managed Service Provider, it’s what will kill you.  Either you support a tool for all clients, or it becomes a one-off for that particular client, and that’s bad because then you end up with every client having their own peculiarities.

So the big question is, how do you handle tool creep?  Well, about the same way you handle engineers messing around with :

• Train your people on what you have build already and manage attrition.
• The Technical Review Board if you have one can/should do tool evaluations and selections.
• Look at plugins for the existing toolset that you have–can you get the same effect with an additional license/module or teaching a new group of people how to  use what you already have?
• Make the new tool ODC–Other Direct Charge.  IE, carry through the cost to the customer, including design and implementation.

• Being the Resident Curmudgeon
• More Vendor Spam
• Federated Vulnerability Management
• Enterprise !== Managed Service Provider
• 20 Critical Security Controls: Control-by-Control