
October 31, 2006

JotSpot Craziness !!

Many, many moons ago, I was one of the first beta testers for JotSpot and actually did discover some critical bugs and whatnot. Any-hoot, that was circa 2004, and I then forgot about it.

Anyway, today's news kinda got me thinking: if Google has acquired this property, do I still have my pages available? In short, it was in my JotSpot status == "This wiki is currently in hibernation" !!

Good going, so I activated it and also invited all those other geeks into my wiki to see what was up in this space.

Interesting to note that JotSpot Framework is really tied down well together... and I am happy at being an early adopter :)-

If you want to see what JotSpot is about, I can invite you to my wiki for fun.. just email me.. oh btw.. JotSpot accounts are frozen for the time being.. but an invite will permit you to play in this pen test area of mine.

Any-hoot, Happy Halloween !!

October 29, 2006

Last time we'll 'fall back' in October

Oh well, this is the last time 'ever' that we will fall back in October !! Yeah, that sucks, because of that new energy bill.

"Under a law passed last year, daylight-saving time will start the second Sunday in March and run until the first Sunday in November, making it three weeks longer.

The law -- called the Energy Policy Act of 2005 -- is intended to make daylight last longer, thus saving energy."

Why do we Canadians have to follow that rule ?? What will happen if we just keep moving along with the same old rules for daylight settings ??

October 24, 2006

Vulnerability automation and Botnets

Gadi has an excellent review. I'll cut and paste because it's good :)-

"So, what I am going to talk about... A tad bit of history on vulnerabilities and their use on the Internet, and then, what we are going to see on corporate, ISP and Internet security relating to botnets this coming year.

Vulnerabilities don't exist for the sake of vulnerabilities. They are used for something, they are a tool. Botnets are much the same, using vulnerabilities on the next layer.

This past year we have seen how disclosed vulnerabilities, patched vulnerabilities and 0days have been utilized by automated kits. An inter-linked system of websites which download malicious code (update the kits), try to infect millions of users from just a couple dozen main hubs, and react to the environment. If a certain vulnerability is seen to be more successful on certain OS types or if one is found to not work, the kit will be fixed accordingly and distributed. Often immediately after a patch Tuesday, likely that same Friday evening.

This way, income can be maximized with the number of infections, data stolen and thus ROI. Both from the expected response time of the vendors as well as how many victims can be reached in that window.

One such kit is Webattacker, which has recently been getting more known in public circles.

Where we are

That does it, botnets are mainstream. People did not yet understand the idea that software vulnerabilities facilitate an attack (=are not the attack) and botnets facilitate much the same, only on a different level. I will discuss that further after what interests everybody.

Solutions in the coming year!

First, many products in the industry have been implemented successfully in the past, just as solutions of necessity, not "products". Some were successful, some failed. Some (services) have been supplied to the rich and connected, some haven't. Botnets are now main-stream, which means other lesser beings and corporations want these services. They want to be protected in a hostile world. They realize the Internet is not a safe place, and plan accordingly.

Services we will see more and more of:
*. Intelligence (very limited), showing IP addresses for botnet command and control (C&C) servers, which your computers may be connecting to (i.e. compromised).

*. Intelligence (very limited), showing IP addresses that you control which show in spam (meaning compromised hosts) or show in other ways in botnet data being collected. Mostly, this is spam-oriented and the rest of the intelligence is barely noticeable as of yet.

*. Intelligence (very limited) on the millions on millions of credentials (for sites, credit cards, banks, eCommerce systems, etc.) and identities being stolen every single day by massive phishing man-in-the-middle trojan horses.

*. Intelligence (very limited) other black listing services.

In the past, a limited version of these services was provided, but very secretly, and at a very high cost.

Products:

Botnet products on the network can either detect internal problems (such as bots on the corporate or ISP network or the spreading of infections) or external problems (such as C&C servers or attacks from the world). These can be based on behavior or intelligence.

Solutions, which we discussed in the past and are now going to manifest:

Intelligence-based (until now only supplied by select groups to select groups) -
*. Known bad IPs. Etc. Much like in spam, only for other realms.
*. Known bad URLs or domain names. Etc. Much like in spam, only for other realms.

Detection -
*. IDS approach (decent but not even close to cutting it),
*. DNS monitoring approach (very cool, but is just one approach in a layered solution).
*. Netflow approach (proven for years now, only one approach, however useful, which is growing more limited every day).

Respond and quarantine -
*. Walled garden approach (close off/limit suspicious or confirmed compromised computers until they clean themselves. Not successful in current solutions, shows promise).
*. Try to fix the situation remotely (solve the vulnerabilities, etc. ahead of time or remove after the fact).

There are several others, but these are the main ones describing the 10 or so products we are about to see (all of which are already available publicly as open source, privately developed tools or unsuccessful solutions due to lack of client awareness and interest).

QoS, virtualization and half decent intelligence gathering will come next. Other solutions I will not waste breath speaking of right now, they will appear for public consumption once the effectiveness of the solutions above (or the better ones there) is done to dust.

What's next?

Decent, real decent, intelligence, and support response tools to mitigate what you find in conjunction with a response team trained to deal with thousands of real incidents rather than mark check-lists on a couple an hour to a couple a month. That's simply not being aware of what's happening in your network. Many of the CERTs and SOCs are very trained and high quality, they are not equipped or don't see what they need to react to nor in most cases are built to deal with this threat.

What's never going to happen?

With security done right, on a wide-scale, with a decent systems design, network, policy, monitoring and response - a lot can be done and 0days can also be avoided, even (and especially) with business concerns being put first."

October 16, 2006

"Bloggers are such Asshole" and Randy's Right !!

"I gotta say, this Edelman-Walmarting fiasco is about the stupidest I've seen bloggers act to date. Trying to make up an issue where there is none" [..] "I'm gonna bet 99% of the bloggers commenting, didn't know about the campaign until they saw the lynch mob. Common dumb asses. Wake up!"

Oh well, Randy is 100% right on this. I for one don't care if there was a campaign or if they (bloggers) were paid or not, because I was never in the privy of that feed in the first place. Yeah, bloggers can be assholes -- bloggers are human after all.

October 13, 2006

Platypus has been leaked !!

Philipp has blogged the scoop !!

But from what I can gather, it's a client that needs to be installed on your machine, and it permits you to have 500MB of drive space. That seems to be really little compared to the space that other services are offering.

Some Technical stuff :

"CACHE_DRIVE_SAFETY_SPACE:104857600
# every time this many bytes are written we check the available space (default 1MB)

And they do have a sense of humor if you have <LOGIN_FORGOT_PASSWORD_URL:> forgotten your password :)-

October 11, 2006

I am doubtin google and their ways !!

I love being obtuse on the way I think and cull info. Here's another take on Google strategy, which initially spawned from here.

As you can see, I start by digging and then find the newly created group with a new post only 33 minutes ago !

And in the very next instance, I need to check the whole Working Group membership. However, I see that it has approx +2.5K members !

Eh ? What happened here ?? Did so many teachers suddenly join within 33 minutes ? Or is Philipp slam dunk on saying that Google is lying ?

I think that the +2.5K members to this group is the alpha/beta group that was in sleuth review. Somehow a data leak is in occurrence between sandbox and production !

But the whole point here is Google just meshing together data which has no relevance ?? fudgin their way thru ??

update#1 : "Yesterday at Educause in Dallas we announced that Blackboard--a major provider of enterprise software to educational institutions--has joined the Google Enterprise Professional program" -  Google is pushing hard into the education zone.  Where is this going ??

Stats of an A-lister ?

Am I the only inquisitive one on the web ? Or just a person who knows what to click on ?

Here's something small that I noticed and clicked on.

And of course, it takes you to the stats page for TechCrunch.

What I don't understand is that these sites (A-listers) depend on page views and impressions and all that SEO stuff and stats. That's their lifeline of revenue, correct ?? So why ain't they protecting their Business Intel ?

After all, this is open data and just about everyone can click and view, or is it just me thinking the wrong way ?

I mean we all now have a different viewpoint of how many visitors / views that Mikey is getting on his main pages, and I think a reasonably knowledgeable SEO person would be able to figure out much more.

Anyhow, back to my cooking :)-

October 09, 2006

New Technologies ?

A long time ago [Aug 29, 2006 3:26 PM], I sent an email to Alex and Philipp, asking them:

"Any idea what technologies are being layered on this map ?? How is elevation being rendered ? Is that embedded within Gearth or a separate module which is being used ?"

We now see that the image has become the hottest bed in the globe. Yes, that is the facilities that tested the latest nuclear weapons !

Some new technologies at play all over. moab is out - Google Earth so riders can upload their own GPS data and see their home trails in 3D !!

Sweet, how can I interface this within a car :)_

October 08, 2006

was this another hack on the blogger platform ?

When this information was posted, I was the first person to state "was this another hack on the blogger platform ?" - I continued to cut the chatter within the forum.

Yes, we know that the Host Overflow Application eXception vulnerability is in the wild – any blog that supports RSS and MetaWeblogAPI can be h4x0red. We are yet to confirm the vector of the attack.

Google has stated that there was indeed a bug in the blogger platform.

October 04, 2006

Code search and Groups- Google style

Google has been playing around a lot with this last week. Code search is a very powerful tool for the dev community !! Take a look at their advanced search options; I think one can actually hack code using these methods. We began tracking product from here.

I have also been playing with the new Groups Beta. This is a truly rich experience for users. I cut a lot of my observations in my fav forum :)-

Kudos to Google for all this new exciting stuff !!

'nuff of blogging for today..me thinks I am a lonelyblogger  !!