And Now for Something Completely Different…

Posted July 4th, 2007 by

I’m doing some more Yahoo Pipes work: aggregating and filtering blog feeds. I’ve created a combination of a whitelist and a highly filtered set of search results known as Chardonnay, and I’ll eventually make a less-filtered “2-Buck Chuck” and a highly-filtered Eiswein version.

My basic rule-of-thumb for the Chardonnay feed is that if the signal-to-noise ratio of a blog is less than 3:1 or so, I would bump it into Tier 2. Not that they don’t have any good content, but I was trying to keep my feed at least 8:2 signal-noise ratio.

For the Eiswein feed, I’m aiming for 9:1 signal-noise ratio. In order to do that, I have to filter everything, including myself. =)

As far as 2-Buck Chuck, well, let’s say it’s so unfiltered that it has chunks^wpieces of sediment in it. It’s also hard to build something like this and intentionally disable the quality controls you’ve built.

“Why the wine motif?” you ask. Well, I was looking for something that has a price and quality range, so wine fit right in there. I bought www.chateaublogsville.com which will be the entry site for the 3 security blog feeds. It might take me a couple of weeks to get up a simple site but in the meantime you’re free to subscribe to any of the feeds.

One thing that I’m finding out about blog feeds: for the Chardonnay, I had to look at a couple of approaches to feed aggregation. I started out with a linked-to list of people and a desire to have a Google and Technorati catch-all search to find some relevant information from little-known feeds. After working with some data munging for a couple of days, I noticed that the source feeds fit into the following groups:

  • Tier 1 Feeds that I want to let through pretty much unfiltered (Mine, Matasano, Curphey, ISM-Community, Bejtlich, etc)
  • Tier 2 Feeds that need to be filtered for relevancy (Security Bloggers Network members, news site aggregates that I haven’t whitelisted above)
  • Tier 3 Feeds that need to be filtered for spam and then filtered for relevancy whilst wearing lead gloves (Technorati and Google searches)

Now that I write it all down, it sounds exactly like writing email filters or SIEM tuning or any one of a bazillion uses that you could have for filtering, so I’ve once again recreated ideas that already exist. Of course, I probably could have saved some time by approaching the problem from this angle, but really I had to move the ideas around a dozen different ways until it fit in a way that made sense.

The funny thing is that I had the hardest time filtering on privacy.  I was getting too much junk off the blog search feeds (privacy of timeshares, that kind of thing), so what I’m playing with is killing privacy from the main filter and then filtering the search feeds on privacy and a second keyword.

The usual disclaimers work here: I’m playing with content provided by other people, so I don’t even remotely pretend to have any control over it. There are a couple pieces of junk that will slip through the filters. Because the source of the filters is open for the world to see, you can cheat them by including the right words.
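The three-tier scheme and the "privacy plus a second keyword" rule described above can be sketched as follows. This is an added example, not the Pipes configuration behind the feeds; the keyword lists, item fields and sample items are all constructed for illustration.

```python
import re

# Constructed keyword lists; the post does not publish its actual filter terms.
RELEVANT = {"security", "vulnerability", "audit", "firewall", "malware"}
SPAM = {"timeshare", "casino", "mortgage"}
# "privacy" is kept out of RELEVANT and only counts alongside one of these.
PRIVACY_COMPANIONS = {"breach", "encryption", "data", "policy"}

def words(item):
    """Lower-cased word set from an item's title and summary."""
    text = item["title"] + " " + item["summary"]
    return set(re.findall(r"[a-z0-9']+", text.lower()))

def is_relevant(w, tier):
    if w & RELEVANT:
        return True
    # Search feeds only: "privacy" must co-occur with a second keyword.
    return tier == 3 and "privacy" in w and bool(w & PRIVACY_COMPANIONS)

def accept(item):
    tier = item["tier"]
    if tier == 1:                      # whitelisted feeds pass unfiltered
        return True
    w = words(item)
    if tier == 3 and w & SPAM:         # search results: spam check first
        return False
    return is_relevant(w, tier)        # tiers 2 and 3: relevancy check

def aggregate(items):
    return [i["title"] for i in items if accept(i)]

# Constructed sample items, one per decision path.
SAMPLE = [
    {"tier": 1, "title": "Weekend photos", "summary": "Pictures from the lab"},
    {"tier": 2, "title": "Patch Tuesday vulnerability roundup", "summary": "Notes on the fixes"},
    {"tier": 2, "title": "My favorite recipes", "summary": "Dinner ideas"},
    {"tier": 2, "title": "Privacy thoughts", "summary": "Musings on privacy"},
    {"tier": 3, "title": "Privacy of timeshares", "summary": "Enjoy privacy at our timeshare resort"},
    {"tier": 3, "title": "Privacy breach at retailer", "summary": "Customer data exposed"},
    {"tier": 3, "title": "Privacy hedges for your garden", "summary": "Plant tall shrubs"},
    {"tier": 3, "title": "Casino security jobs", "summary": "Win big"},
]

if __name__ == "__main__":
    for title in aggregate(SAMPLE):
        print(title)
```

The order of checks matters for Tier 3: the spam test runs before relevancy, so an item that carries a relevant keyword is still dropped when it also matches a spam term.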




Posted in Odds-n-Sods, Technical | 7 Comments »

Pictures: Desert Computer Lab

Posted June 27th, 2007 by

Computer lab that I cared for and kept running as a side job to keep from going crazy from the heat.  Check out the layer of dust.

You can read about my satellite adventures here.

The Networking Rack

 

 

The Lab

 




Posted in Army, Odds-n-Sods, Technical | 3 Comments »

It’s a Series of Pipes

Posted June 22nd, 2007 by

…or at least that’s how Yahoo has Pipes to process blog feeds. I’m working on a combined feed for ISM-Community. This has to be the easiest point-n-click programming I’ve done in years.

Right now I have the following feeds:

Most of these are low-volume for the reason that any security person who isn’t busy all the time probably isn’t worth hiring or hearing what they have to say.

There are probably more that I don’t know about–it’s not that I selectively left anybody out just yet. The feed should be considered “Beta” quality and shortly (well, when we get around to doing it), we’ll add it to the ISM-Community site.

Drop me a line if you’re an ISM-Community groupie and want your feed added.

And remember, folks, it’s not a big truck. =)




Posted in ISM-Community, Technical, What Works | 1 Comment »

Internet in the Remote Desert

Posted June 20th, 2007 by

While I was in the “giant kitty-litter box” some years ago, our base was 200 miles from anything. Our link to the outside world was a satellite Internet connection through a company in Dubai. We had a small 10-station computer lab with about as many VoIP phones behind a Linux firewall doing NAT.

Because everything was running on generators, and Joe the Infantryman couldn’t remember to fill the generators with fuel, our base had very unstable power. We would have an outage every day at around 2:00 in the afternoon.  The power situation and the sand caused the power supplies of the computers to die fairly quickly.

Then one day, a bad thing happened. The Linux firewall lost the boot drive during a power failure and didn’t come back up. It went to the maintenance shell which, of course, requires you to log in with the root password. This is when people came and asked me to fix it.

All the firewall needed was a fsck, but I was out of luck–no password. I ripped open the case and booted off a CD but the drive wouldn’t take a fsck. I eventually ended up turning the firewall into a Debian box. Using Ethereal, I sniffed out a gateway and unused IP address, then I called the company who owned the equipment. We had a nice conversation about how it would take them a month to send out a tech to fix or replace the firewall, so in the meantime, I owned it.

Now the funny thing is that everything is slow when you don’t have the tools available. I had to take one of the workstations and rip out a CD drive to put one in the firewall. I had to sniff out a network connection just so I could download a bootable .iso. These are all fairly small, but they take time.

I think the whole time to get us up and running was about 12 hours. Definitely not the quickest job I’ve done. But at least our guys could call home.

Now the reason that I’m bringing this up is because I’m looking at the movies from Hack In the Box 2006 and there is one about hacking satellites: Hacking a Bird in the Sky – Hijacking VSAT Connections by Jim Geovedi and Raditya Iryandi. These guys used some of the same techniques that I did.




Posted in Army, Hack the Planet, Technical | 2 Comments »

It’s Wireless Audit Time Again

Posted June 14th, 2007 by

Always a fun morning, I did a wireless audit today.  Since my building is full of techies (about 500 of us), they definitely have the ability to install a plethora of rogue wireless access points.  Also since the building is full of techies, they knew the distinct ping of Netstumbler as it found something.  Depending on which floor I’m on, I attract a little audience.

But then again, part of the point in doing this is that knowing that somebody does a little “war walking” is a deterrent.




Posted in Technical | 2 Comments »

Downtime

Posted June 5th, 2007 by

My blog server went down.  Don’t know how it happened, but a brief power outage happened and the server didn’t come up.  I went to it today after lunch and gave it a reboot.  It came right up.  I didn’t even have to boot off CD to do some lilo surgery or anything extraordinary.  I have that effect on computers–they fear me for some reason and just work when I’m around.  I guess it’s the fact that I’m holding their little brother for ransom that does the trick.

And just so you know, dear blog readers, you get the same level of service that you pay for. =)   This server is nowhere near anything that would resemble a need for high-availability.




Posted in Odds-n-Sods, Technical | No Comments »
