Friday, December 31, 2010

Best Book Bejtlich Read in 2010

It's the end of the year, which means it's time to name the winner of the Best Book Bejtlich Read award for 2010!

I've been reading and reviewing digital security books seriously since 2000. This is the fifth time I've formally announced a winner; see 2009, 2008, 2007, and 2006.

Compared to 2009 (15 books), 2010 was a good reading year -- 31 technical or security books, or my fifth highest total since 2000. Incidentally I read a decent number of "security history" books, meaning characterizations of "the scene." Many covered the 1990s and are fairly old, but I had always wanted to read them.

My ratings for 2010 can be summarized as follows:

  • 5 stars: 14 books

  • 4 stars: 9 books

  • 3 stars: 5 books

  • 2 stars: 3 books

  • 1 star: 0 books


Please remember that I try to avoid reading bad books. If I read a book and I give it a lower rating (generally 3 or less stars), it's because I had higher hopes.

Here's my overall ranking of the five star reviews; this means all of the following are excellent books.

  • 14, 13, and 12. The Dragon's Quantum Leap, Decoding the Virtual Dragon, and Dragon Bytes by Timothy L Thomas, Foreign Military Studies Office. Thomas examines Chinese information warfare like no one else. Enlightening and frightening.

  • 11. Intelligence, 4th Ed by Mark M. Lowenthal, CQ Press. Anyone interested in learning about the IC and how professional intelligence officers think and act will enjoy reading I4E.

  • 10. The Book of Xen by Chris Takemura, No Starch. This could easily have been a very dry technical book, but TBOX is entertaining from the start.

  • 9. IT Security Metrics by Lance Hayden, McGraw-Hill Osborne Media. If you want to introduce a comprehensive security metrics program in your environment, ISM will very skillfully offer one way to accomplish that goal. It's immensely practical and grounded in reality, and it will help you.

  • 8. The Victorian Internet by Tom Standage, Walker & Company. Being a history major, I find The Victorian Internet (TVI) to be an enlightening antidote to chronocentricity, and I recommend it to anyone trying to better understand modern times through the lens of history.

  • 7. The Hacker Crackdown by Bruce Sterling, Bantam. THC is one of my favorite books on hacker activity because it combines a narrative with the author's accounts of interactions with key individuals.

  • 6. The Cuckoo's Egg by Cliff Stoll, Gallery. I first read TCE 20 years ago when it was first published, but I was a high school student who couldn't appreciate the content. Now, as an IR team leader, I recognize that Cliff probably shares 25 IR lessons in the first 50 pages!

  • 5. Hacking Exposed Wireless, 2nd Ed by Johnny Cache, McGraw-Hill Osborne Media. HEW2 is the best book on wireless security available. If you want to understand wireless -- and not just 802.11, but also Bluetooth, ZigBee, and DECT -- HEW2 is the book for you.

  • 4. Wireshark Network Analysis by Laura Chappell, Laura Chappell University. Wireshark Network Analysis (WNA) is a very practical, thorough, comprehensive introduction to Wireshark, written in an engaging style and produced in a professional manner.

  • 3. Network Maintenance and Troubleshooting Guide, 2nd Ed by Neal Allen, Addison-Wesley Professional. NMATG brings a whole new dimension to network analysis, particularly at the lowest levels of the OSI model. I found topics covered in NMATG that were never discussed in other books.

  • 2. The Rootkit Arsenal by Bill Blunden, Jones & Bartlett Publishers. "Wow." That summarizes my review of "The Rootkit Arsenal" (TRA) by Bill Blunden. If you're a security person and you plan to read one seriously technical book this year, make it TRA. If you decide to really focus your attention, and try the examples in the book, you will be able to write Windows rootkits. Even without taking a hands-on approach, you will learn why you can't trust computers to defend themselves or report their condition in a trustworthy manner.


And, the winner of the Best Book Bejtlich Read in 2010 award is...

  • 1. Practical Lock Picking by Deviant Ollam, Syngress. My review said in part (emphasis added tonight):

    Practical Lock Picking (PLP) is an awesome book. I don't provide physical testing services, but as a security professional familiar with Deviant's reputation I was curious to read PLP. Not only is PLP an incredible resource, it should also serve as a model text for others who want to write a good book. First, although the book is less than 250 pages, it is very reasonably priced. Second, Deviant wastes NO space. There is no filler material, background found in other readily available texts, reprinted Web site content, etc. Third, the writing is exceptionally clear and methodical, with extreme attention to detail and a master's approach to educating the reader. Finally, the diagrams, pictures, and figures are superb.


The Army FMSO office led publishers with 3 books this year, while traditional media publisher McGraw-Hill Osborne Media followed with 2.

Congratulations again to Syngress, publisher of the last three Best Book Bejtlich Read winners!

Thank you to all publishers who sent me books in 2010. I have plenty more to read in 2011.

Congratulations to all the authors who wrote great books in 2010, and who are publishing titles in 2011!

Reflections on Four Tufte Books

This week I finished the four main books written by Edward Tufte, namely The Visual Display of Quantitative Information, 2nd ed, Envisioning Information, Visual Explanations, and Beautiful Evidence. I decided not to review them individually at Amazon.com for several reasons.

First, I received them as a set 2 1/2 years ago at The Best Single Day Class Ever, what I call Tufte's class. Tufte's class and written work present a single set of ideas and some material is presented from multiple angles in several books. This makes it cognitively difficult for me to review them individually. Second, I did not treat them like other books I read, meaning I did not mark them with my own notes and underlining. Frankly the books are like works of art and it would pain me to mark them up! That makes it tough for me to review my reading process and withdraw comments suitable for a book review. Third, so many people have already reviewed the books that I did not feel I would bring any real novelty or domain expertise to the discussion.

Rather, for this post I wanted to share a few ideas I learned from Tufte that I try to keep in mind when communicating. Some of these are reflected in my earlier post, but I'd like to share what has stayed with me during these past 2 1/2 years.

  1. Do not let the medium define your message. PowerPoint culture is endemic in my workplace and in many others. Rather than considering the message to be communicated, too many people concentrate on what the PowerPoint "pitch" needs to look like. I don't exclusively mean appearance, although that is definitely a factor. I'm referring more to what bullets are supposed to reflect a message to an audience. Rather than leading with bullets, determine what message you are trying to communicate, then select a medium.

  2. Replace "presentations" with conversations. I avoid delivering lectures as much as possible. Nothing kills the spirit like receiving a stack of 300 slides. That "deck" represents a plodding, instructor-paced, predetermined path where questions are more likely to be interpreted as interruptions of the "flow" of the class. After seeing Tufte in action in 2008, I stopped teaching my two day TCP/IP Weapons School class using slides. The second and now third editions of the class have no slides whatsoever. Instead I teach with workbooks, labs, and unscripted question-and-answer interactions with students.

  3. Carry the burden or stay off the field. It is NOT easy to teach "Tufte style." Too many "presenters" and "instructors" fall into the seductive embrace of reading slides, facing the screen and not the students, hoping to get to the end of the pitch as soon as possible.

    Instead, imagine walking into a room with 100 or more people, giving each a paper handout with some possible discussion topics, and then asking what they would like to know about the security field. That is just what I did at the FIRST conference this year, and from what I heard, people liked it. I'll say now that it was a somewhat scary experience for me to focus purely on conversation and not just march through a 30 slide PowerPoint deck. However, this is the sort of approach we need to see in the field. I don't recommend it for every talk, but if you're up to carrying the burden, give it a try!

  4. Seek data and graphic representations where possible. For me, this is probably harder than the previous point. Whereas talking in an unscripted manner is rough because of the mental gymnastics required, creating data-driven figures is tough because of the amount of preparation required. We struggle with this in our CIRT. We have thousands of data points but the collection, analysis, interpretation, and explanation of that information is much more difficult than I expected. As we add staff who spend less time fighting operational battles and more time contemplating the overall picture, I expect us to deliver the sorts of graphics that speak volumes to all sorts of audiences.

  5. When the available tools stink, make your own. Tufte did this by publishing his books himself. He did not accept the limitations of the publishers who claimed he could not include the novel features found in his titles. We've encountered similar issues at work where existing data collection tools were just not suited for our needs. Several very talented and motivated team members built and continue to build new tools to get the job done. This is even more difficult than the previous point because it requires anticipating the sorts of data needed to describe, explain, and improve security operations. I expect a lot of progress in this area in 2011.


That's my "applied Tufte" for 2010. Here's hoping he publishes another book soon. The best New Year's resolution you could make for 2011 is to attend one of his classes, even if you have to pay yourself. You get all four books with paid tuition -- real books, not slide decks!

Review of The Dragon's Quantum Leap Posted

Amazon.com just posted my five star review of The Dragon's Quantum Leap by Timothy L. Thomas. I'm posting the entire review here because it's the sort of content that I believe should get wide exposure.

The Dragon's Quantum Leap (TDQL) is the third in a trilogy by Timothy L Thomas. A colleague introduced me to all three books, and an expert on the Chinese hacker scene was kind enough to secure a copy of the book. I thank all of them for the extraordinary journey presented in TDQL. Published in 2009, TDQL is an historical review of key publications by Chinese information warfare (IW) theorists and thought leaders, as translated by American translators and the Open Source Center, successor to the former Foreign Broadcast Information Service (FBIS). The author is an analyst with the Foreign Military Studies Office, and is a West Point graduate, a retired Army Lt Col, and a former Foreign Area Officer focusing on the USSR and Russia. TDQL covers Chinese IW thought from 2007-2009, while the earlier books Dragon Bytes (DB) addressed 1995-2003 and Decoding the Virtual Dragon covered 2004-early 2007.

My reviews of DB and DTVD summarized key Chinese IW themes, all of which extend into TDQL. Therefore I'd like to highlight a few aspects of TDQL that should be of interest to Western digital security specialists.

TDQL opens with an analysis of the one book by Chinese IW experts likely to be known to some US military strategists: Unrestricted Warfare (UW), published by Qiao Liang and Wang Xiangsui in 1999. Thomas includes it here because it foreshadows developments in Chinese IW in later years. It was interesting to learn that initially the Chinese government treated the UW authors critically, but later their ideas became popular. UW is filled with gems that cut to the heart of Chinese IW. For example, "the biggest difference between contemporary wars and the wars of the past is that, in contemporary wars, the overt goal and the covert goal are often two different matters" (p 21). "Military threats are already often no longer the major factors affecting national security... these traditional factors are increasingly becoming more intertwined with grabbing resources, contending for markets, controlling capital, trade sanctions, and other economic factors" (pp 21-2).

The authors offer critical insights that the Chinese have operationalized: "Warfare can be military, or it can be quasi-military, or it can be non-military. It can use violence, or it can be nonviolent. It can be a confrontation between professional soldiers, or one between newly emerging forces consisting primarily of ordinary people or experts" (p 28). In an interview about UW, author Qiao called war with the US "inevitable... because China will grow strong only at the cost of consuming much of the world's resources which will put it in direct competition and eventually conflict with the US" (p 30). They also claim "The battlefield is everywhere and war may be conducted in areas where military actions do not dominate" (pp 33-4). This reminds me of the subtitle of James Adams' 1998 book The Next World War: Computers Are the Weapons and the Front Line Is Everywhere.

Another author, PLA Major Peng Hongqi says "the weaker side [in IW] must adhere to the active offense... especially in peacetime" (p 40). Thomas says "Peng seems to imply that it is the RIGHT [author's emphasis] of an inferior force to attack a superior force first" (p 41). Peng advocates concepts like "protracted control" and using civilians, hackers, or other computers to gain plausible deniability. He says "forces begin engagements and reconnaissance before a conflict emerges. Peacetime collection of key information... is vital" (p 42). One should "treat the peacetime struggle for information supremacy as 'a genuine, perpetual, never-ending battle'... gain as much enemy information as possible and keep the enemy from gaining information on one's own side" (p 42). Also, "the only way the inferior side can compete with a powerful enemy is by taking full advantage of peacetime to energetically elevate its material and technological foundation" (p 42).

Deng Yifei provides what might be the "money quote" in TDQL: "In confrontation on the future battlefield, what is scarier than inferior technology is inferior thinking" (p 56). Evidence of China's IW thinking involves their focus on penetrating Western computers. Thomas notes "it is suspected that Chinese reconnaissance performs two functions: to expose an opposing force's military plans and to study the conditions and vulnerabilities that lead to the successful use of Internet attacks" (p 119). These intrusions bring to life this Chinese stratagem: "a victorious army first wins and then seeks battle" (p 174). Chinese thinkers also plan to target foreign commanders, even including "a study of hobbies, weaknesses and flaws" (p 121).

Thomas notes Taiwan's reporting on Chinese IW as well. He also includes suggestions made to strengthen Taiwanese IW defense. For example, Lin Chin-ching recommends that "all officers under the rank of lieutenant general would be tested on their knowledge of IW and computer information, and their test results would be taken into consideration when their files are reviewed for promotion" (p 216). I suggest the same for business managers as well as US military leaders.

I strongly recommend reading TDQL and Thomas' other works if you want to better understand Chinese IW history and thinking.

Review of Decoding the Virtual Dragon Posted

Amazon.com just posted my five star review of Decoding the Virtual Dragon by Timothy L. Thomas. I'm posting the entire review here because it's the sort of content that I believe should get wide exposure.

Decoding the Virtual Dragon (DTVD) is the sequel to Timothy L Thomas' 2004 book Dragon Bytes. A colleague introduced me to both books, and an expert on the Chinese hacker scene was kind enough to secure a copy of the book. I thank all of them for the extraordinary journey presented in DTVD. Published in 2007, DTVD is an historical review of key publications by Chinese information warfare (IW) theorists and thought leaders, as translated by American translators and the Open Source Center, successor to the former Foreign Broadcast Information Service (FBIS). The author is an analyst with the Foreign Military Studies Office, and is a West Point graduate, a retired Army Lt Col, and a former Foreign Area Officer focusing on the USSR and Russia. DTVD covers Chinese IW thought from 2004-early 2007. Thomas' earlier book discusses 1995-2003, and his later book addresses 2007-2009.

My review of DB summarized key Chinese IW themes, all of which extend into DTVD. Therefore I'd like to highlight a few aspects of DTVD that should be of interest to Western digital security specialists.

Chinese military leaders have always promoted development of theory and strategy, but they are now integrating practice into their doctrine. This is difficult for a military that lacks the ops tempo of a force like the US military, with a decade of continuous war experience on hand. However, IW allows continuous practice, since it can be exercised "using a borrowed sword" (i.e., using deception and "camouflage" to lend plausible deniability to Chinese IW offensives against the West).

Chinese thought leaders often see the US as an offensive force. Thomas reports on the views of two theorists thus: "Conflict-oriented strategy still holds a strong place in Western strategic culture. Expansion and the seizure of hegemony are Western strategic targets while China's has been an introvert-type behavior whose targets are peace, safeguarding national territories, and seeking unification and resisting aggression" (p 23). (That's apparently how the Chinese frame their activities in Tibet and their missiles facing Taiwan.)

The two theorists (Peng and Yao) also note that "the seizure of information has become a primary task of modern warfare" (p 30). One form of conflict perpetrated by the West is "strategic psychological warfare (SPW)," which includes "attempts to advance their [Western] political system and life style, to use economic aid as bait, to seek economic infiltration and control, and to promote western values via TV, movies, newspapers and journals, audio and video products, and especially over the Internet" (p 34). China sees this as a threat to their "network sovereignty" (p 124).

War is increasingly a financial affair: "War with the objective of expanding territory has already basically withdrawn from the stage of history, and even war with the objective of fighting for natural resources is now giving way to war with the objective of controlling the flow of financial capital" (p 76). "IW will gradually shift into the primary form of war, and military objectives will shift from eliminating the enemy and preserving oneself to controlling the enemy and preserving oneself" (p 87).

DTVD includes a translation of a Chinese IW dictionary and questions and answers on IW. The definition of Computer Network Attack (CNA) says "various measures and actions taken to make use of security flaws in the enemy's computer network systems to steal, modify, fabricate, or destroy information and to reduce or destroy network utility." The definition of IW mentions "the use of computer network systems to gain enemy intelligence," not just destroy targets. Crucially, "in this day and age, there is no distinction between peacetime and wartime network warfare" (p 127). Hopefully for world peace, "network warfare could develop in another direction and work to create 'network deterrence' or 'network containment.' That is, it may be more valuable for both sides to simply comply with the rulebook of not attacking another's networks if two sides attain a mutual balance of network power" (p 128).

Dai Qingmin notes "an individual can threaten an entire country in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 information age" and "in some cases cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 more technologically advanced a country becomes, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 more vulnerable it becomes as well" (p 134). Individuals who conduct IW can be hard to find or retaliate against, hinting at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 PLA's interest in leveraging individual civilian hackers. Thomas writes: "Dai's discussion focuses heavily on obtaining key information via reconnaissance of foreign computer systems in peacetime... As he [Dai] states, 'Computer network reconnaissance (CNR) is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 prerequisite for seizing victory in warfare.' His focus on CNR provides added context to current Chinese operations aimed at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reconnaissance of US systems" (p 137). A later section in DTVD mentions "intelligence warfare" as anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Chinese concept where "two sides in a conflict adopt various means to gacá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r and steal information from one anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r" (p 207).

Facá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r of IW Dr Shen notes "cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 goals of war have changed from territorial expansion and economic aggression to information plundering and targeting psychological elements" (pp 160-1). Skilled people are key, according to anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r author, who writes "cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 personnel system of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 armed forces will have to enlist computer hackers or treat cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m as wartime reserves and give cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m preferred treatment to provide technical support for military building and operations" (p 173); hear that, US military?

Finally, Thomas observes cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "extensive knowledge that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Chinese have about our concepts and systems," with bookstores in China offering "translations of thirty or forty (perhaps more, depending on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 size of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 store) US military books... [but] a US military bookstore is usually limited to five Chinese titles" (p 304).

I strongly recommend reading DTVD and Thomas' ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r works if you want to better understand Chinese IW history and thinking.

Review of Dragon Bytes Posted

Amazon.com just posted my five star review of Dragon Bytes by Timothy L. Thomas. I'm posting the entire review here because it's the sort of content that I believe should get wide exposure.

A colleague introduced me to Dragon Bytes (DB) by Timothy L Thomas, and an expert on the Chinese hacker scene was kind enough to secure a copy of the book. I thank all of them for the extraordinary journey presented in DB. Published in 2004, DB is an historical review of key publications by Chinese information warfare (IW) theorists and thought leaders, as translated by the former Foreign Broadcast Information Service (FBIS) and other American translators. The author is an analyst with the Foreign Military Studies Office, and is a West Point graduate, a retired Army Lt Col, and a former Foreign Area Officer focusing on the USSR and Russia. DB covers Chinese IW thought from 1995-2003. Thomas' subsequent books, Decoding the Virtual Dragon, and The Dragon's Quantum Leap, cover later periods in Chinese IW history.

DB is really unlike any of the books I have reviewed before, because it summarizes the IW doctrine of another country. As a former Air Force intelligence officer, I helped develop our nation's IW plans in the late 1990s and have defended civilian infrastructures for the last 10 years. DB provides a view of a world that is plain to see if only the reader knows where to look and can read Chinese. Thanks to FBIS translations and Thomas' keen eye, Western readers can learn what the Chinese military says about IW.

I'd like to highlight a few concepts and excerpts that I feel are important to understanding Chinese IW theory.

The Chinese do not seek to simply copy Western IW concepts. Rather, they stress development of IW "with Chinese characteristics." They draw heavily on Marx and Engels for their military doctrine, including People's War, and believe Mao brought Marx's ideas to fruition in China. They feel that IW is a natural implementation of People's War, especially when individual Chinese citizens can participate simply by virtue of owning a computer. Unlike Western militaries and governments, China vigorously integrates civilians and reservists into their military framework, to include individual "hackers."

Traditionally China has pursued "active defense" as their military model, meaning they do not seek (or claim not to seek) conquest beyond their borders. Rather, they respond with People's War when attacked by aggressors. IW, however, does not lend itself to an active defense strategy because losing the initiative means losing the war. Chinese IW theorists increasingly abandoned "active defense" with IW and now promote active offense, which takes various forms.

Chinese IW theorists are advocates of proper thinking over force (p 101). Unsurprisingly, theorists channel Sun Tzu by seeking to "win without fighting" through IW. They devote a lot of energy to developing strategy and "strategems," sometimes considered to be "tricks" or "schemes" to overcome superior forces. They believe information is as important as energy and materials, and "warfare may be waged around the struggle for intellectual resources, such as the allegiance of a high-tech expert or the patented right to a piece of technology" (p 13).

The Chinese military sees Western culture, particularly American culture, as an assault on China, saying "the West uses a system of values (democracy, freedom, human rights, etc.) in a long-term attack on socialist countries... Marxist theory opposes peaceful evolution, which... is the basic Western tactic for subverting socialist countries" (pp 102-3). They believe the US is conducting psychological warfare operations against socialism and consider culture as a "frontier" that has extended beyond American shores into the Chinese mainland. The Chinese therefore consider control of information to be paramount, since they do not trust their population to "correctly" interpret American messaging (hence the "Great Firewall of China"). In this sense, China may consider the US as the aggressor in an ongoing cyberwar.

Dr Shen Weiguang, China's "father of IW," defines IW as "two sides in pitched battle against one another in the political, economic, cultural, scientific, social, and technological spheres," (p 32) or as "brain war" (p 40). Thomas reports Shen's views thus: "information control is the doorway to an opportunity to dominate the world" (p 33). Shen mentions "total IW" where "information aggression" involves "violating the information space of another country and plundering its information resources" (p 36). Shen recommends creating an "information academy" and believes "'attack in order to defend' is more effective than defense alone in many cases since advance warning is impossible and the effectiveness of defense is hard to predict" (p 45). However, Shen seems to believe IW should be constrained by international norms, since he also advocates developing a "set of information rules" to limit IW (p 48). Finally, academic Deng Xiaobao discusses "dwindling distinctions... between wars and non-wars (referring here to the lack of distinction between IW and times of peace, where an IW can start with an information assault and the side under attack may not be able to judge that it is a war)" (p 125).

I strongly recommend reading DB and Thomas' subsequent works if you want to better understand Chinese IW history and thinking.

Thursday, December 30, 2010

Steve Jobs Understands Team Building

I stumbled upon the following excerpt from the 1998 book In the Company of Giants by Rama Dev Jager and Rafael Ortiz. They interviewed Steve Jobs, who had the following to say about team building, as printed in BusinessWeek:

Q. What talent do you think you consistently brought to Apple and bring to NeXT and Pixar?

SJ. I think that I've consistently figured out who really smart people were to hang around with. No major work that I have been involved with has been work that can be done by a single person or two people, or even three or four people... In order to do things well, that can't be done by one person, you must find extraordinary people.

The key observation is that, in most things in life, the dynamic range between average quality and the best quality is, at most, two-to-one...

But, in the field that I was interested in -- originally, hardware design -- I noticed that the dynamic range between what an average person could accomplish and what the best person could accomplish was 50 or 100 to 1. Given that, you're well advised to go after the cream of the cream.

That's what we've done. You can then build a team that pursues the A+ players. A small team of A+ players can run circles around a giant team of B and C players.

Q. So you think your talent is in recruiting?

SJ. It's not just recruiting. After recruiting, it's building an environment that makes people feel they are surrounded by equally talented people and their work is bigger than they are. The feeling that the work will have tremendous influence and is part of a strong, clear vision -- all those things.

Recruiting usually requires more than you alone can do, so I've found that collaborative recruiting and having a culture that recruits the A players is the best way.

Q. Yet, in a typical startup, a manager may not always have the time to spend recruiting other people.

SJ. I disagree totally. I think it's the most important job... When you're in a startup, the first ten people will determine whether the company succeeds or not.


Steve is right. That is why I Tweeted this last week:

Real IT/security talent will work where they make a difference, not where they reduce costs, "align w/business," or serve other lame ends.

I was emphasizing the point that motivated people want to make a difference. They want to bring good things to life. (I loved that motto -- time to junk the present one, if you catch my drift, and go back!)

Photo credits: Wikipedia

Tuesday, December 28, 2010

Trying PC-BSD 8.2-BETA1

After reading PC-BSD 8.2-BETA1 Available for Testing last week I decided to give the latest version of PC-BSD a try on my ESXi server. I failed earlier to get the installation to succeed using PC-BSD 8.1, but I had no real issues with the new BETA1 based on FreeBSD 8.2 PRERELEASE. (PC-BSD will publish their final 8.2 version when the main FreeBSD project publishes 8.2 RELEASE.)

For this test I downloaded the 64 bit network installation .iso and installed the OS within ESXi. I decided to try a few new features offered by the PC-BSD installer, namely ZFS and disk encryption for user data as shown in the top screenshot. When I booted the VM I was prompted to enter the passphrase I used when installing the OS:

da0 at mpt0 bus 0 scbus0 target 0 lun 0
da0: Fixed Direct Access SCSI-2 device
da0: 320.000MB/s transfers (160.000MHz, offset 127, 16bit)
da0: Command Queueing enabled
da0: 16384MB (33554432 512 byte sectors: 255H 63S/T 2088C)
Enter passphrase for da0p4:
GEOM_ELI: Device da0p4.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI: Crypto: software
Trying to mount root from zfs:tank0

That was cool. In addition to encryption, I need to learn more about how PC-BSD uses jails to support ports and packages. This is different compared to any other BSD I have seen.

PC-BSD is also supposed to be desktop-friendly, so I tried my "can I see a YouTube video out of the box" test. The screenshot at right shows it worked.

I should note that before I could connect remotely using SSH, I had to disable the Pf firewall. (I could also have reconfigured the firewall if I wanted it to stay active.)

Now that I have a working PC-BSD OS in my lab, I'll try to learn more about it. I'll probably wait until the RELEASE version arrives.

Trying VirtualBSD 8.1

Reece Tarbert sent an email announcing the availability of VirtualBSD 8.1, a version of FreeBSD 8.1 aimed at demonstrating FreeBSD on the desktop. It's a 1.3 GB zipped VMware image that expands to 4.1 GB.

I downloaded the image via BitTorrent, expanded the image, and then used the VMware Converter to transfer the VM from my laptop to my ESXi server. I accepted all the defaults and successfully converted the VM. However, after booting the VM I noticed the kernel did not recognize the network card. I shut down the VM, removed the NIC, and added a new e1000 NIC. After booting that version the VM recognized the NIC and got an IP address via DHCP from my Cisco 3750 switch.

One of my definitions of "desktop ready" is whether I can see YouTube videos out-of-the-box. As the screen capture shows, VirtualBSD worked without incident.

If you're wondering about PC-BSD, I plan to give version 8.2 a try soon. As I Tweeted last month, I had trouble with the installer and couldn't install 8.1 to my ESXi server. I could try installing to VMware Workstation and then converting that VM too.

FreeBSD on Amazon EC2

Thanks to Colin Percival you can try FreeBSD on Amazon EC2! According to Colin's blog more is to come, but for now you can try FreeBSD 8.2-RC1 and FreeBSD 9.0-CURRENT.

I decided to try spinning up 8.2-RC1. I used the command line tools for Ubuntu rather than the Web interface.

richard@neely:~$ sudo apt-get install ec2-api-tools

richard@neely:~$ export EC2_PRIVATE_KEY=$HOME/.ec2/pk-GO7RNG3LZTNPOUD5TH4YRCA4LFNGP5SB.pem

richard@neely:~$ export EC2_CERT=$HOME/.ec2/cert-GO7RNG3LZTNPOUD5TH4YRCA4LFNGP5SB.pem

richard@neely:~$ export JAVA_HOME=/usr/lib/jvm/java-6-openjdk/

Now I check my security settings and authorize my IP.

richard@neely:~$ ec2-authorize default -p 22 -s [MYIP]/32
GROUP default
PERMISSION default ALLOWS tcp 22 22 FROM CIDR [MYIP]/32

richard@neely:~$ ec2-describe-group default

GROUP 162896439853 default default group

PERMISSION 162896439853 default ALLOWS all FROM USER 162896439853 GRPNAME default

PERMISSION 162896439853 default ALLOWS tcp 22 22 FROM CIDR [MYIP]/32

Next I start the 8.2-RC1 AMI.

richard@neely:~$ ec2-run-instances ami-d29b6abb -k taosecuritykey -t t1.micro

RESERVATION r-a54c17cf 162896439853 default
INSTANCE i-44bda629 ami-d29b6abb pending taosecuritykey
0 t1.micro 2010-12-28T15:21:41+0000 us-east-1b
aki-407d9529monitoring-disabled ebs

After a few seconds I check to see if it is running.
 
richard@neely:~$ ec2-describe-instances i-44bda629
RESERVATION r-a54c17cf 162896439853 default
INSTANCE i-44bda629 ami-d29b6abb ec2-50-16-108-39.compute-1.amazonaws.com
ip-10-243-6-109.ec2.internal running taosecuritykey 0 t1.micro
2010-12-28T15:21:41+0000
us-east-1b aki-407d9529 monitoring-disabled 50.16.108.39
10.243.6.109 ebs

BLOCKDEVICE /dev/sda1 vol-200caa48 2010-12-28T15:21:44.000Z
BLOCKDEVICE /dev/sdb vol-220caa4a 2010-12-28T15:21:44.000Z

Now I connect to it.

richard@neely:~$ ssh -i .ssh/taosecuritykey.pem root@ec2-50-16-108-39.compute-1.amazonaws.com

Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 8.2-RC1 (XEN) #1: Fri Dec 24 05:49:26 UTC 2010

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it's updated frequently.

o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.

You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.

ip-10-243-6-109# uname -a

FreeBSD ip-10-243-6-109 8.2-RC1 FreeBSD 8.2-RC1 #1: Fri Dec 24 05:49:26 UTC 2010
root@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN i386

ip-10-243-6-109# df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/da1s1 4.8G 193M 4.3G 4% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/da0 1.0G 20M 945M 2% /boot/grub

When done I disconnect and terminate the instance. I could have also just shut down the machine within SSH if I wanted to use the instance in the future.

richard@neely:~$ ec2-terminate-instances i-44bda629
INSTANCE i-44bda629 running shutting-down

That's really cool! Many thanks to Colin for his work on this. If you want to support development on this sort of project, consider donating to the FreeBSD Foundation as Colin suggests in his blog.
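
A check that fits the security-group step in the post above, as an added example that is not part of the original post: a shell function that reads output in the ec2-describe-group layout shown there and reports any rule that opens a given port to a CIDR wider than a chosen prefix length. The function name audit_group, the account id, and the sample rules and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit security-group rules
# printed in the `ec2-describe-group` layout shown in the post.

# Constructed sample input. The account id and rules are made up; the
# addresses are documentation ranges (RFC 5737) plus the any-source CIDR.
SAMPLE_GROUP_OUTPUT='GROUP 111122223333 default default group
PERMISSION 111122223333 default ALLOWS all FROM USER 111122223333 GRPNAME default
PERMISSION 111122223333 default ALLOWS tcp 22 22 FROM CIDR 203.0.113.7/32
PERMISSION 111122223333 default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 111122223333 default ALLOWS tcp 8000 8100 FROM CIDR 198.51.100.0/24
PERMISSION 111122223333 default ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0'

# audit_group PORT MIN_PREFIX
# Reads describe-group text on stdin and prints one line per tcp/udp rule
# whose port range covers PORT and whose source CIDR has a prefix length
# shorter than MIN_PREFIX. With MIN_PREFIX=32 anything wider than a single
# host is reported. Live use would be:
#   ec2-describe-group default | audit_group 22 32
audit_group() {
    awk -v port="$1" -v minlen="$2" '
    $1 == "PERMISSION" {
        # Find the ALLOWS and CIDR tokens by name instead of by column,
        # because group-to-group rules (FROM USER ...) have another shape.
        allows = 0; cidr = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "ALLOWS") allows = i
            if ($i == "CIDR")   cidr = i
        }
        if (allows == 0 || cidr == 0 || cidr == NF) next

        proto = $(allows + 1)
        if (proto != "tcp" && proto != "udp") next

        from = $(allows + 2) + 0
        to   = $(allows + 3) + 0
        if (port + 0 < from || port + 0 > to) next

        # Expect address/prefix; skip anything that does not split in two.
        if (split($(cidr + 1), part, "/") != 2) next

        if (part[2] + 0 < minlen + 0)
            printf "%s %d-%d %s\n", proto, from, to, $(cidr + 1)
    }'
}

# Run against the constructed sample: the /32 rule passes and only the
# any-source SSH rule is reported.
printf '%s\n' "$SAMPLE_GROUP_OUTPUT" | audit_group 22 32
```
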

Monday, December 27, 2010

Bejtlich Teaching at Black Hat DC 2011

Over the holiday break I've been putting the finishing touches on TCP/IP Weapons School 3.0, to be presented first at Black Hat DC 2011 on 16-17 Jan 11. This is a completely new class written from the ground up. I'm very pleased with how it has developed.

While keeping the distinctions from other offerings that I described last year, I've extended this third version of the class to include explicit offensive and defensive portions. Students will receive two VMs, one running a modified version of Doug Burks' SecurityOnion distro as an attack/monitor platform, and the second running a Windows workstation as a victim platform.

The purpose of this class is to develop the investigative mindset needed by digital security professionals. Junior- to intermediate-level security and information technology (IT) staff are the intended audience. The class is a balance of discussion and hands-on labs.

Defensive aspects of the labs emphasize how to discover suspicious and malicious activity in network and log evidence. Offensive aspects of the labs offer the student a chance to do the same sorts of actions that caused the suspicious and malicious activity in the labs. I encourage students to keep an open mind and feel free to expand their interaction with the labs beyond the required material. Take advantage of this time away from the office to enjoy defensive and offensive aspects of the digital security arena!

Registration is open and continues at the current rate until 15 Jan, after which the onsite rate kicks in.

I'll also teach the course in Las Vegas this summer. Thank you.

Speaking at RSA 2011

Mike Rothman and Rich Mogull were kind enough to invite me to speak at their e10+ Experienced Security half-day event on 14 February 2011 at RSA 2011 in San Francisco. I'll participate in the "What's Going to Keep Me Up at Night?" panel. (The joke possibilities write themselves.) I'll stay for a few days of the conference as well. I like the idea of an event aimed at senior security people, i.e., 10+ years of experience. Please consider checking it out!

Courtesy of APT

The photo at left is Bill Sweetman's take on a photo posted to an aviation forum (.jpg) that is probably China's Chengdu J-20 fighter, claimed to be their "stealth fighter." Bill's comment caught my attention:

I think that we can count on China to start delivering more technological surprises - and in some cases they will be aided by cyber-espionage. Remember that's what the Advanced Persistent Threat is all about, and the great thing about cyber-espionage is that it can be exploited without risking human sources. That makes it much more useful - both in learning how to do things and avoiding blind alleys and pitfalls in R&D. (emphasis added)

There are several ways information stolen by APT could have helped with this aviation program. A few include:

  • Theft of Western technology for direct application to building the Chinese aircraft

  • Theft of Western technology to help design the Chinese aircraft to counter Western aircraft

  • Theft of Western technology to help Chinese integrated air defense systems and other counter-aircraft weapons to deny, degrade, or destroy Western aircraft and systems

  • Theft of Western program histories and experiences to guide Chinese designers and builders away from failed approaches and toward more promising methods

  • Theft of Western plans and tactics to assist Chinese pilots flying against Western pilots


Building Chinese stealth fighters isn't the end goal of APT activity. They are tasked with their missions to further national ends, which involve strategic goals. This fighter is a means to an end.

Thursday, December 09, 2010

Splunk 4.x on FreeBSD 8.x using compat6x Libraries

Two years ago I posted Splunk on FreeBSD 7.0 showing how to use the FreeBSD compat6x libraries to run the 3.4 version of Splunk compiled for FreeBSD 6.x. I decided to try this again, except using the newest Splunk on an amd64 FreeBSD system.

As you can see below, it took me only a few minutes to get the system running thanks to the precompiled compat6x-amd64 package. If I needed to install on i386, I could have used the ports tree.

r200a# uname -a

FreeBSD r200a.taosecurity.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49
UTC 2010 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

r200a# pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-stable
/misc/compat6x-amd64-6.4.604000.200810_3.tbz
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-stable
/misc/compat6x-amd64-6.4.604000.200810_3.tbz... Done.

*******************************************************************************
* *
* Do not forget to add COMPAT_FREEBSD6 into *
* your kernel configuration (enabled by default). *
* *
* To configure and recompile your kernel see: *
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html *
* *
*******************************************************************************

r200a# pkg_add splunk-4.1.6-89596-freebsd-6.2-amd64.tgz
----------------------------------------------------------------------
Splunk has been installed in:
/opt/splunk

To start Splunk, run the command:
/opt/splunk/bin/splunk start

To use the Splunk Web interface, point your browser at:
http://r200a.taosecurity.com:8000

Complete documentation is at http://www.splunk.com/r/docs
----------------------------------------------------------------------

r200a# /opt/splunk/bin/splunk start --accept-license
Copying '/opt/splunk/etc/myinstall/splunkd.xml.cfg-default' to '/opt/splunk/etc/myinstall/splunkd.xml'.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
/opt/splunk/etc/auth/audit/private.pem
/opt/splunk/etc/auth/audit/public.pem
['openssl', 'genrsa', '-out', '/opt/splunk/etc/auth/audit/private.pem', '1024']
/opt/splunk/etc/auth/audit/private.pem generated.
/opt/splunk/etc/auth/audit/public.pem generated.
Generating RSA private key, 1024 bit long modulus
.........++++++
............................++++++
e is 65537 (0x10001)
writing RSA key

/opt/splunk/etc/auth/distServerKeys/private.pem
/opt/splunk/etc/auth/distServerKeys/trusted.pem
['openssl', 'genrsa', '-out', '/opt/splunk/etc/auth/distServerKeys/private.pem', '1024']
/opt/splunk/etc/auth/distServerKeys/private.pem generated.
/opt/splunk/etc/auth/distServerKeys/public.pem generated.
Generating RSA private key, 1024 bit long modulus
.............++++++
............................................++++++
e is 65537 (0x10001)
writing RSA key


This appears to be your first time running this version of Splunk.
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Creating: /opt/splunk/var/lib
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
Checking databases...
Validated databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sample, summary

Splunk> The IT Search Engine.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory... Done.
Checking databases...
Validated databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sample, summary
All preliminary checks passed.

Starting splunk server daemon (splunkd)... Done.
Starting splunkweb... /opt/splunk/share/splunk/certs does not exist. Will create
Generating certs for splunkweb server
Generating a 1024 bit RSA private key
............++++++
.................++++++
writing new private key to 'privkeySecure.pem'
-----
Signature ok
subject=/CN=r200a.taosecurity.com/O=SplunkUser
Getting CA Private Key
writing RSA key
Done.

If you get stuck, we're here to help.
Look for answers here: http://www.splunk.com/base/Documentation

The Splunk web interface is at http://r200a.taosecurity.com:8000

And that's it! I pointed my Web browser to the FreeBSD server and I accessed Splunk. Kudos to Splunk for providing a free version of their product to run in this manner!

Postscript: I realized Splunk installs to /opt, which on this system lives in /, which is small. So, I made this change after stopping Splunk:

r200a# mv /opt /nsm/
r200a# ln -s /nsm/opt/ /opt

That put Splunk in the larger /nsm partition. I should have created the symlink before installing, but no real harm was done anyway.

Friday, December 03, 2010

Bruce Schneier, Cyber Warrior?

Do you remember the story from the Times in 2009 titled Spy chiefs fear Chinese cyber attack?

[UK] Intelligence chiefs have warned that China may have gained the capability to shut down Britain by crippling its telecoms and utilities.

They have told ministers of their fears that equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies.

The warnings coincide with growing cyberwarfare attacks on Britain by foreign governments, particularly Russia and China...

The company [Huawei] is providing key components for BT’s new £10 billion network, which will update the UK’s telecoms with the use of internet technology. The report says the potential threat from Huawei “has been demonstrated elsewhere in the world”...

[T]he ministerial committee on national security was told at the January [2009] meeting that Huawei components that form key parts of BT’s new network might already contain malicious elements waiting to be activated by China.

Working through Huawei, China was already equipped to make “covert modifications” or to “compromise equipment in ways that are very hard to detect” and that might later “remotely disrupt or even permanently disable the network”, the meeting was told...


Ok, old news. But what did I just read in Huawei's US Sales Push Raises Security Concerns from September 2010?

Should United States telecommunications companies consider purchasing -- or even be allowed to purchase -- infrastructure equipment from a major Chinese company that could, maybe, be a significant national security risk?

Some US government officials and security experts are concerned about products from Huawei Technologies Co. Ltd. , which has begun more actively courting US customers...

Another security expert concerned about foreign tampering is Bruce Schneier, chief security technology officer at BT and a well known blogger about security. Although he doesn't have any proof, Schneier says it "certainly wouldn't surprise me at all" if Huawei installed software that could endanger US security. He would "think twice" before buying equipment from Huawei.


Wow. Did Bruce tell his bosses at BT this? I mean, he has been Chief Security Technology Officer at BT since BT acquired Counterpane in late 2006. (The BT-Huawei deal predates that acquisition by a few years, so Bruce didn't have input back then.) I guess it's possible Bruce really is a closet cyber warrior...

Wednesday, November 24, 2010

Trying Ubuntu 10.10 in AWS Free Usage Tier

After trying 60 Free Minutes with Ubuntu 10.10 in Amazon EC2 yesterday, I decided to take the next step and try the AWS Free Usage Tier. This blog post by Jay Andrew Allen titled Getting Started (for Free!) with Amazon Elastic Cloud Computing (EC2) helped me.

One important caveat applies: this activity will not be completely free. The AMI I chose uses a 15 GB filesystem, and the terms of the free usage stipulate no more than a 10 GB filesystem. I'll pay $0.50 per month for the privilege of using a prebuilt Ubuntu AMI. Since I'm an AMI n00b, I decided to pay the $0.50. At some point when I am comfortable creating or trusting 10 GB AMIs, maybe I'll switch.

  1. First I visited http://aws.amazon.com/ec2/ and signed up for Amazon EC2. At Amazon Web Services Sign In, I chose "Identity Verification by Telephone." When I completed sign up I received three emails: 1) Amazon Virtual Private Cloud Sign-Up Confirmation; 2) Amazon Elastic Compute Cloud Sign-Up Confirmation; and 3) Amazon Simple Notification Service Sign-Up Confirmation.

  2. Next I visited the AWS Management Console at https://console.aws.amazon.com/ec2/home. In Getting Started, I chose Launch Instance. I had to decide what sort of virtual machine I wanted to run. I decided to try a 64 bit Ubuntu 10.10 Amazon Machine Image (AMI) I found mentioned at http://uec-images.ubuntu.com/releases/maverick/release/ and at http://alestic.com/. I selected an AMI available at Amazon's us-east-1 facility, identified as ami-548c783d. This AMI uses Amazon's Elastic Block Store (EBS) so that changes persist.

  3. Under Instance Details, I chose:

    Number of Instances: 1
    Availability Zone: No Preference
    Instance Type: Micro (t1.micro, 613 MB)

  4. Under Select Launch Instances, I chose:

    Kernel ID: Use Default
    RAM Disk ID: Use Default
    No Monitoring
    No User Data
    No Tags

  5. Next I had to Create and Download Key Pair. That produced a file called taosecuritykey.pem which we'll use later.

  6. I chose

    Security Groups: Default

  7. When I reviewed my choices I saw:

    AMI: Ubuntu AMI ID ami-548c783d (x86_64)
    Name:
    Description:
    Number of Instances: 1
    VPC Subnet:
    Availability Zone: No Preference
    Instance Type: Micro (t1.micro)
    Instance Class: On Demand
    Number of Instances: 1
    Availability Zone: No Preference
    Instance Class: On Demand
    Maximum Price:
    Request Valid From:
    Availability Zone Group:
    Request Valid Until:
    Launch Group:
    Persistent Request:
    Placement Group:
    Strategy:
    Monitoring: Disabled
    Bursting:
    Kernel ID: Use Default
    RAM Disk ID: Use Default
    IP Address:
    User Data:
    Key Pair Name: taosecuritykey
    Security Group(s): default

  8. Finally I launched the instance and visited the Instances Page.

  9. In order to SSH to my AMI I had to add "SSH" to my Security Group and I decided to add my own IP address (with /32 netmask) as the IP allowed to traverse the firewall.

  10. To SSH to the system I had to find the hostname in the EC2 Instance listing at the bottom of the page, e.g., ec2-obfuscated.compute-1.amazonaws.com. I also had to set permissions on my .pem so I could use it with SSH:


    richard@neely:~$ mv taosecuritykey.pem .ssh/
    richard@neely:~$ chmod 400 .ssh/taosecuritykey.pem

  11. Then I connected to the AMI:

    richard@neely:~$ ssh -v -i .ssh/taosecuritykey.pem \
    ubuntu@ec2-obfuscated.compute-1.amazonaws.com

    Linux domU-12-31-39-14-F9-0C 2.6.35-22-virtual #33-Ubuntu SMP
    Sun Sep 19 21:05:42 UTC 2010 x86_64 GNU/Linux

    Ubuntu 10.10

    Welcome to Ubuntu!
    * Documentation: https://help.ubuntu.com/

    System information as of Wed Nov 24 20:36:24 UTC 2010

    System load: 0.0 Processes: 60
    Usage of /: 4.4% of 14.76GB Users logged in: 0
    Memory usage: 6% IP address for eth0: 10.206.250.250
    Swap usage: 0%

    Graph this data and manage this system at https://landscape.canonical.com/
    ---------------------------------------------------------------------
    At the moment, only the core of the system is installed. To tune the
    system to your needs, you can choose to install one or more
    predefined collections of software by running the following
    command:

    sudo tasksel --section server
    ---------------------------------------------------------------------

    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.

    To run a command as administrator (user "root"), use "sudo ".
    See "man sudo_root" for details.

    ubuntu@domU-12-31-39-14-F9-0C:~$


At this point my system was working, so I poked around a little.

ubuntu@domU-12-31-39-14-F9-0C:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 15G 665M 14G 5% /
none 290M 108K 290M 1% /dev
none 297M 0 297M 0% /dev/shm
none 297M 48K 297M 1% /var/run
none 297M 0 297M 0% /var/lock

ubuntu@domU-12-31-39-14-F9-0C:~$ sudo netstat -natup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 468/sshd
tcp 0 48 10.206.250.250:22 98.218.35.11:57655 ESTABLISHED 577/sshd: ubuntu [p
tcp6 0 0 :::22 :::* LISTEN 468/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 387/dhclient3

ubuntu@domU-12-31-39-14-F9-0C:~$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 12:31:39:14:f9:0c
inet addr:10.206.250.250 Bcast:10.206.251.255 Mask:255.255.254.0
inet6 addr: fe80::1031:39ff:fe14:f90c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:429 errors:0 dropped:0 overruns:0 frame:0
TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:67019 (67.0 KB) TX bytes:49777 (49.7 KB)
Interrupt:9

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ubuntu@domU-12-31-39-14-F9-0C:~$ sudo lft -D eth0 www.bejtlich.net

Tracing __________________________________.

TTL LFT trace to vhost.identityvector.com (205.186.148.46):80/tcp
1 10.206.248.3 0.8ms
2 216.182.232.236 0.5ms
3 216.182.232.64 0.4ms
** [neglected] no reply packets received from TTLs 4 through 6
7 dca-edge-18.inet.qwest.net (65.120.78.57) 2.1ms
8 dcp-brdr-03.inet.qwest.net (205.171.251.110) 4.9ms
** [neglected] no reply packets received from TTL 9
10 216.88.34.170 3.7ms
11 cr02-1-1.iad1.net2ez.com (65.97.48.206) 9.7ms
12 65.97.50.26 4.2ms
13 static-70-32-64-246.mtsvc.net (70.32.64.246) 4.2ms
14 vzd052.mediatemple.net (205.186.147.5) 3.7ms
15 [target] vhost.identityvector.com (205.186.148.46):80 4.1ms

I decided to update the AMI using apt.

$ sudo apt-get update
$ sudo apt-get upgrade

After reboot

ubuntu@domU-12-31-39-14-F9-0C:~$ uname -a
Linux domU-12-31-39-14-F9-0C 2.6.35-22-virtual #35-Ubuntu
SMP Sat Oct 16 23:19:29 UTC 2010 x86_64 GNU/Linux

I decided to try sending email from the system:

ubuntu@domU-12-31-39-14-F9-0C:~$ sudo apt-get install exim4-daemon-light
...edited...
ubuntu@domU-12-31-39-14-F9-0C:~$ sudo dpkg-reconfigure exim4-config
* Stopping MTA for restart [ OK ]
* Restarting MTA [ OK ]

ubuntu@domU-12-31-39-14-F9-0C:~$ echo "test mail 1557" | mailx -v -s "test mail 1557" richard@bejtlich.net
LOG: MAIN
<= ubuntu@domu-12-31-39-14-f9-0c.compute-1.amazonaws.com U=ubuntu P=local S=489
ubuntu@domU-12-31-39-14-F9-0C:~$ delivering 1PLMPR-0000eu-4P
R: dnslookup for richard@bejtlich.net
T: remote_smtp for richard@bejtlich.net
Connecting to ASPMX.L.GOOGLE.COM [74.125.93.27]:25 ... connected
SMTP<< 220 mx.google.com ESMTP g35si18125523qcs.170
SMTP>> EHLO domU-12-31-39-14-F9-0C.compute-1.internal
SMTP<< 250-mx.google.com at your service, [174.129.106.239]
250-SIZE 35651584
250-8BITMIME
250 ENHANCEDSTATUSCODES
SMTP>> MAIL FROM: SIZE=1523
SMTP<< 250 2.1.0 OK g35si18125523qcs.170
SMTP>> RCPT TO:
SMTP<< 250 2.1.5 OK g35si18125523qcs.170
SMTP>> DATA
SMTP<< 354 Go ahead g35si18125523qcs.170
SMTP>> writing message and terminating "."
SMTP<< 250 2.0.0 OK 1290632265 g35si18125523qcs.170
SMTP>> QUIT
LOG: MAIN
=> richard@bejtlich.net R=dnslookup T=remote_smtp H=ASPMX.L.GOOGLE.COM [74.125.93.27]
LOG: MAIN
Completed

I also decided to try an IPv6 tunnel client:
ubuntu@domU-12-31-39-14-F9-0C:~$ sudo apt-get install miredo

ubuntu@domU-12-31-39-14-F9-0C:~$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 12:31:39:14:f9:0c
inet addr:10.206.250.250 Bcast:10.206.251.255 Mask:255.255.254.0
inet6 addr: fe80::1031:39ff:fe14:f90c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5025 errors:0 dropped:0 overruns:0 frame:0
TX packets:2849 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2717010 (2.7 MB) TX bytes:1308113 (1.3 MB)
Interrupt:9

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

teredo Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:0:53aa:64c:102c:3760:517e:9510/32 Scope:Global
inet6 addr: fe80::ffff:ffff:ffff/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:144 (144.0 B)

ubuntu@domU-12-31-39-14-F9-0C:~$ host ipv6.google.com
ipv6.google.com is an alias for ipv6.l.google.com.
ipv6.l.google.com has IPv6 address 2001:4860:800f::68

ubuntu@domU-12-31-39-14-F9-0C:~$ ping6 2001:4860:800f::68
PING 2001:4860:800f::68(2001:4860:800f::68) 56 data bytes
64 bytes from 2001:4860:800f::68: icmp_seq=1 ttl=59 time=3.70 ms
64 bytes from 2001:4860:800f::68: icmp_seq=2 ttl=59 time=3.97 ms
64 bytes from 2001:4860:800f::68: icmp_seq=3 ttl=59 time=4.73 ms
^C
--- 2001:4860:800f::68 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.707/4.140/4.736/0.435 ms

I did that all under an hour, so before the first hour finished I shut down the AMI.

The next time I want to use it, I'll visit the console, start it, and SSH. I don't have any real plans for this AMI besides experimentation, for now. I'll probably keep my eye on this ec2ubuntu Google Group too.

Tuesday, November 23, 2010

60 Free Minutes with Ubuntu 10.10 in Amazon EC2

I decided to try Ubuntu in the Cloud because 1) I had a few minutes this afternoon and 2) it's free. If you follow the directions on their Web site you'll have access to an Ubuntu 10.10 server for 60 minutes, hosted by Amazon Elastic Compute Cloud (Amazon EC2). It's really simple, so easy a caveman could do it. (Ouch.)

  1. First make sure you have a public-private SSH key pair.


    richard@neely:~$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/richard/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/richard/.ssh/id_rsa.
    Your public key has been saved in /home/richard/.ssh/id_rsa.pub.
    The key fingerprint is:
    c6:e0:9c:84:74:3d:2d:09:b3:a2:e5:97:7b:63:59:da richard@neely
    The key's randomart image is:
    +--[ RSA 2048]----+
    | . +o o |
    | . o o= . |
    | + + o |
    | + = = |
    | . . * S . |
    | . o = |
    | . * E |
    | o . |
    | |
    +-----------------+

  2. Next visit www.launchpad.net and create an account.

  3. Visit the editsshkeys page created for your account (like https://launchpad.net/~taosecurity/+editsshkeys for me) and paste the content of your public SSH key into the window.

  4. Now it's time for https://10.cloud.ubuntu.com/. I read:

    Try Ubuntu 10.10 Server in Amazon EC2, entirely on our dime!

    All you need is an SSH client, and an SSH public key associated with your Launchpad.net account, and we will launch an Ubuntu Server instance in Amazon EC2 for you.

    We will give you the hostname and you can SSH directly to the instance with your public SSH key on file in Launchpad. You will have full sudo (root) access, so take it for an hour-long joyride, install applications, configure services, test your programs, and evaluate the overall experience. We will terminate and clean up the instance automatically within an hour.


    I selected Ubuntu Server (10.10) with WordPress for fun.

  5. WAIT while the server is provisioned. It takes a few minutes but the Web site keeps refreshing to keep you informed.

  6. When done, SSH to the server as user ubuntu. Be ready to enter your SSH keyphrase.

    richard@neely:~$ ssh ubuntu@184.72.80.52
    The authenticity of host '184.72.80.52 (184.72.80.52)' can't be established.
    RSA key fingerprint is 56:df:06:bf:30:c6:d6:26:76:2f:f1:6f:51:97:86:70.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '184.72.80.52' (RSA) to the list of known hosts.
    Linux ip-10-212-127-243 2.6.35-22-virtual #33-Ubuntu SMP Sun Sep 19 23:54:13 UTC 2010 i686 GNU/Linux
    Ubuntu 10.10
    Hello taosecurity, welcome to the Cloud!
    This instance will terminate around Tue Nov 23 21:37:00 UTC 2010"

    Welcome to Ubuntu!
    * Documentation: https://help.ubuntu.com/

    System information as of Tue Nov 23 20:42:00 UTC 2010

    System load: 0.35 Processes: 76
    Usage of /: 7.0% of 9.84GB Users logged in: 0
    Memory usage: 17% IP address for eth0: 10.212.127.243
    Swap usage: 0% IP address for eth0:0: 184.72.80.52

    Graph this data and manage this system at https://landscape.canonical.com/
    ---------------------------------------------------------------------
    At the moment, only the core of the system is installed. To tune the
    system to your needs, you can choose to install one or more
    predefined collections of software by running the following
    command:

    sudo tasksel --section server

  7. At this point I had a fully functional server with Wordpress installed. I played with the server to create a first post.


  8. I also tested how quickly I could add software. WOW.

    sudo apt-get install ubuntu-desktop
    ...edited...
    Fetched 429MB in 28s (15.2MB/s)


  9. I started a second SSH session to tunnel the X protocol and started Firefox:


  10. From another server I scanned the EC2 instance to see what services are exposed:

    tao001:~# nmap -sV 184.72.80.52

    Starting Nmap 4.62 ( http://nmap.org ) at 2010-11-23 15:56 EST
    Interesting ports on ec2-184-72-80-52.compute-1.amazonaws.com (184.72.80.52):
    Not shown: 1710 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh (protocol 2.0)
    25/tcp open smtp Postfix smtpd
    80/tcp open http Apache httpd 2.2.16 ((Ubuntu))
    5901/tcp open vnc VNC (protocol 3.8)
    6001/tcp open X11 (access denied)
    1 service unrecognized despite returning data.
    If you know the service/version, please submit the following fingerprint at
    http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
    SF-Port22-TCP:V=4.62%I=7%D=11/23%Time=4CEC2A95%P=x86_64-unknown-linux-gnu%
    SF:r(NULL,27,"SSH-2\.0-OpenSSH_5\.5p1\x20Debian-4ubuntu4\r\n");
    Service Info: Host: ec2-184-72-80-52.compute-1.amazonaws.com

    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 7.457 seconds

  11. I ran Tshark to capture traffic and created a capture with this protocol distribution:

    richard@neely:~$ tshark -q -r tshark.pcap -z io,phs
    can't open file /home/richard//tmpssl/Renegotiating_TLS_20091104_pub/caps/apache22_wget_DHE/server.key

    ===================================================================
    Protocol Hierarchy Statistics
    Filter: frame

    frame frames:3764 bytes:424367
    eth frames:3764 bytes:424367
    ip frames:3750 bytes:422885
    udp frames:177 bytes:120953
    dns frames:80 bytes:8271
    ntp frames:24 bytes:2160
    data frames:70 bytes:105980
    dcerpc frames:3 bytes:4542
    icmp frames:17 bytes:1710
    tcp frames:3556 bytes:300222
    http frames:54 bytes:100166
    data-text-lines frames:10 bytes:17428
    media frames:1 bytes:818
    image-jfif frames:1 bytes:4434
    png frames:1 bytes:1194
    xml frames:2 bytes:1430
    unreassembled frames:1 bytes:2962
    smtp frames:14 bytes:3392
    imf frames:1 bytes:561
    tcp.segments frames:1 bytes:116
    http frames:1 bytes:116
    ssh frames:1 bytes:105
    ipv6 frames:14 bytes:1482
    udp frames:14 bytes:1482
    dns frames:14 bytes:1482
    ===================================================================
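
The scan in step 10 shows what the instance exposes to the network. As an added example (not from the original post), the script below parses that port table and compares it with an expected-exposure baseline; the baseline of SSH and HTTP only is an assumption made for illustration, since the post does not state one.

```python
import re

# Port table copied from the nmap -sV output in step 10 of the post.
NMAP_OUTPUT = """\
Interesting ports on ec2-184-72-80-52.compute-1.amazonaws.com (184.72.80.52):
Not shown: 1710 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.2.16 ((Ubuntu))
5901/tcp open vnc VNC (protocol 3.8)
6001/tcp open X11 (access denied)
1 service unrecognized despite returning data.
"""

# Assumed baseline for an SSH-managed web server (hypothetical, not from the post).
BASELINE = {(22, "tcp"), (80, "tcp")}

# One row of the port table: "<port>/<proto> <state> <service> [version...]"
PORT_LINE = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp)\s+(?P<state>\S+)"
    r"\s+(?P<service>\S+)(?:\s+(?P<version>.*))?$"
)


def parse_ports(text):
    """Extract port rows from nmap's normal output, skipping all other lines."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        rows.append({
            "port": int(m.group("port")),
            "proto": m.group("proto"),
            "state": m.group("state"),
            "service": m.group("service"),
            "version": m.group("version") or "",
        })
    return rows


def exposure_diff(rows, baseline):
    """Return (unexpected_open_rows, missing_baseline_ports).

    A state of "open|filtered" is counted as open so that ambiguous
    results are reviewed rather than ignored.
    """
    open_now = {
        (r["port"], r["proto"]): r
        for r in rows
        if r["state"].split("|")[0] == "open"
    }
    unexpected = [open_now[k] for k in sorted(open_now) if k not in baseline]
    missing = sorted(k for k in baseline if k not in open_now)
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = exposure_diff(parse_ports(NMAP_OUTPUT), BASELINE)
    for r in unexpected:
        print(f"unexpected: {r['port']}/{r['proto']} {r['service']} {r['version']}")
    for port, proto in missing:
        print(f"expected but not open: {port}/{proto}")
```

Against the scan above, the mail, VNC and X11 listeners fall outside the assumed baseline and are the ones to review or close.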


Near the end of my hour I got this warning in the shell:

Broadcast Message from root@ip-10-212-127-243
(somewhere) at 21:17 ...

You have about 10 minutes before instance termination

So, I logged out and that was it!

I suggest everyone give this a try, especially if you've never spun up an EC2 instance. Next I'd like to try the AWS Free Usage Tier.

Thanks to Ubuntu and Amazon EC2 for making this such an easy process.

My only concern is this: how easy would it be to spin up free VMs like this for nefarious means?

Monday, November 22, 2010

Stop Killing Innovation

I hear and read a lot about how IT is supposed to innovate to enable "the business." Anytime I see "IT" in one part of a sentence and "the business" in another, a little part of me dies. Somewhere there is a Nirvana where "thought leaders" understand that there is no business without IT, that IT is as much a part of the business as the sales person or factory worker or janitor, and that IT would be better off not constantly justifying its existence to "the business." But I digress.

I want to address the "innovation" issue in this post. CIO magazine recently published an interview with Vinnie Mirchandani titled Taking Business Risks With Your IT Budget. I liked what Mr Mirchandani had to say, although I'm going to omit his multiple references to "cloud." Instead, consider how he sees innovation in IT:

More [CIOs] want to be [innovators], but organizations don’t let them...

In the 1980s, we talked about IT as a competitive advantage... In the 1990s, we didn’t hear much of that at all, and IT started reporting to CFOs. In the early 2000s, the CFO made IT a compliance function for auditing and security.

We’ve beaten the innovation out of CIOs at many companies. We want them to be risk mitigators, not innovators. People are afraid to be associated with any failure. They buy IT from vendors that are safe choices. They know they’re overspending, yet they do it anyway...


Mr Mirchandani doesn't say this, but he could have also mentioned that many managers expect CIOs to be "productivity engines," meaning they inherently shrink their budget every year. This drives cost reduction as the primary goal for an IT shop -- not innovation. It's like expecting the business development team to concentrate on decreasing the amount of money spent per new customer acquired, while not caring so much about the quantity or quality of the new customers -- if any!

So what to do?

The best thing they could do is get out from under the CFO. Go to your CEO and say, “I want to report to you.” Make sure the CFO doesn’t stand in the way. Some CIOs will get fired for doing that. Others will get a chance...

Cost pressure isn't limited to those who only report to the CFO, but he doesn't address that issue.

The shocking thing about corporate IT is that without realizing it, 85 percent to 90 percent of the IT spend is with a vendor, including outsourcers and the staff you buy from them...

When you’re spending 90 percent of your money with a vendor, you have only a sliver left for [internal] talent — yet it’s with your own internal talent that you can innovate. There’s very little left for CIOs to innovate with.

The more progressive CIOs are saying they’ve overdone it with outsourcing and are starting to hire their own enterprise architects and business analysts and other strategic resources.


To me this is the crux of the issue. Businesses cannot outsource innovation. Businesses can crush innovation pretty easily though.

I found one comment he made about the cloud to be very interesting:

CIOs resist it. It’s not secure, they say. It’s not always available. CIOs say cloud vendors go down too often.

I know CIOs who haven’t run a full disaster-recovery drill for years and turn around and say that the cloud isn’t production-ready.


So, my message to readers is this: if cost-out, five nines uptime, outsourced workforces, and other failed strategies are your goal, forget innovation. If you want innovation to thrive, try considering the alternatives.

Thursday, November 18, 2010

The Problem Is with Gmail

In my last post I lamented a problem with Sendmail on FreeBSD. I was trying to troubleshoot a problem sending email from FreeBSD's periodic scripts to Gmail. I've determined that, as crazy as this sounds, Gmail is broken. (Some of you are probably not surprised. If you want to skip the drama and see the bottom line, scroll to the bottom of the post.)

Let me start my case by showing network transcripts of one successful "periodic" email and one unsuccessful "periodic" email. I'm not going to change any email addresses in this post.

The following email is delivered successfully. Computer vm.taosecurity.com sits behind NAT so the public IP is 73.128.35.11. The entries prior to the SMTP transactions (e.g. 074.125.091.027.00025-073.128.035.011.57184: and similar) were added by Tcpflow, which I used to render the transcript manually.

074.125.091.027.00025-073.128.035.011.57184: 220 mx.google.com ESMTP my6si2476635qcb.101

073.128.035.011.57184-074.125.091.027.00025: EHLO vm.taosecurity.com

074.125.091.027.00025-073.128.035.011.57184: 250-mx.google.com at your service, [73.128.35.11]
250-SIZE 35651584
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING

073.128.035.011.57184-074.125.091.027.00025: MAIL From: SIZE=917

074.125.091.027.00025-073.128.035.011.57184: 250 2.1.0 OK my6si2476635qcb.101

073.128.035.011.57184-074.125.091.027.00025: RCPT To:
DATA

074.125.091.027.00025-073.128.035.011.57184: 250 2.1.5 OK my6si2476635qcb.101
354 Go ahead my6si2476635qcb.101

073.128.035.011.57184-074.125.091.027.00025: Received: from vm.taosecurity.com (localhost [127.0.0.1])
.by vm.taosecurity.com (8.14.4/8.14.4) with ESMTP id oAJ66xa2021306
.for ; Fri, 19 Nov 2010 01:06:59 -0500 (EST)
.(envelope-from analyst@vm.taosecurity.com)
Received: (from root@localhost)
.by vm.taosecurity.com (8.14.4/8.14.4/Submit) id oAJ66xF4021296
.for root; Fri, 19 Nov 2010 01:06:59 -0500 (EST)
.(envelope-from analyst)
Date: Fri, 19 Nov 2010 01:06:59 -0500 (EST)
From: analyst
Message-Id: <201011190606.oAJ66xF4021296@vm.taosecurity.com>
To: root@vm.taosecurity.com
Subject: vm.taosecurity.com security run output

Checking setuid files and devices:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

Checking login.conf permissions:

vm.taosecurity.com login failures:

vm.taosecurity.com refused connections:

-- End of security output --

073.128.035.011.57184-074.125.091.027.00025: .

074.125.091.027.00025-073.128.035.011.57184: 250 2.0.0 OK 1290128829 my6si2476635qcb.101

073.128.035.011.57184-074.125.091.027.00025: QUIT

074.125.091.027.00025-073.128.035.011.57184: 221 2.0.0 closing connection my6si2476635qcb.101

The following email fails to be delivered. Computer r200b has the public IP address 73.128.35.11 as shown. Again the lines are prepended by Tcpflow headers.

074.125.091.027.00025-073.128.035.011.19228: 220 mx.google.com ESMTP f23si2500736qcq.34

073.128.035.011.19228-074.125.091.027.00025: EHLO r200b.taosecurity.com

074.125.091.027.00025-073.128.035.011.19228: 250-mx.google.com at your service, [73.128.35.11]
250-SIZE 35651584
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING

073.128.035.011.19228-074.125.091.027.00025: MAIL From: SIZE=1658

074.125.091.027.00025-073.128.035.011.19228: 250 2.1.0 OK f23si2500736qcq.34

073.128.035.011.19228-074.125.091.027.00025: RCPT To:
DATA

074.125.091.027.00025-073.128.035.011.19228: 250 2.1.5 OK f23si2500736qcq.34
354 Go ahead f23si2500736qcq.34

073.128.035.011.19228-074.125.091.027.00025: Received: from r200b.taosecurity.com (localhost [127.0.0.1])
.by r200b.taosecurity.com (8.14.4/8.14.4) with ESMTP id oAJ17UwM063291
.for ; Thu, 18 Nov 2010 20:07:30 -0500 (EST)
.(envelope-from richard@r200b.taosecurity.com)
Received: (from root@localhost)
.by r200b.taosecurity.com (8.14.4/8.14.4/Submit) id oAJ17UKs063248
.for root; Thu, 18 Nov 2010 20:07:30 -0500 (EST)
.(envelope-from richard)
Date: Thu, 18 Nov 2010 20:07:30 -0500 (EST)
From: Richard Bejtlich
Message-Id: <201011190107.oAJ17UKs063248@r200b.taosecurity.com>
To: root@r200b.taosecurity.com
Subject: r200b.taosecurity.com security run output

Checking setuid files and devices:

Checking for uids of 0:

root 0
toor 0

Checking for passwordless accounts:

Checking login.conf permissions:

r200b.taosecurity.com kernel log messages:
+++ /tmp/security.QW4ZT9Yc.2010-11-18 20:07:29.000000000 -0500

+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled

r200b.taosecurity.com login failures:

Nov 17 07:51:58 r200b sshd[53170]: error: connect_to 73.128.35.11 port 80: failed.
Nov 17 07:52:02 r200b sshd[53170]: error: connect_to 73.128.35.11 port 80: failed.

r200b.taosecurity.com refused connections:

Checking for a current audit database:

Database created: Thu Nov 18 19:05:00 EST 2010

Checking for packages with security vulnerabilities:

0 problem(s) in your installed packages found.

-- End of security output --

073.128.035.011.19228-074.125.091.027.00025: .

074.125.091.027.00025-073.128.035.011.19228: 550-5.7.1 [73.128.35.11] The IP you're using to send mail is not authorized to
550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
550-5.7.1 service provider instead. Learn more at
550 5.7.1 http://mail.google.com/support/bin/answer.py?answer=10336 f23si2500736qcq.34

073.128.035.011.19228-074.125.091.027.00025: QUIT

Darn. As you can see, Gmail claims "The IP you're using to send mail is not authorized to send email directly to our servers." Is that true? Didn't I just send email from the same IP address, as far as Gmail was concerned?

There is basically no difference between these emails, other than the contents of the security reports in each. (Hint, hint.)

I can prove the Gmail error message is bogus.

Let's start by showing both computers can send email to Gmail. If I don't send email using the periodic scripts, I can send email to Gmail from both systems successfully.

First, the message from host vm succeeds (and I saw it in my Inbox).

vm# mail -v -s "From vm" taosecurity@gmail.com
Test from vm.
.
EOT
taosecurity@gmail.com... Connecting to [127.0.0.1] via relay...
220 vm.taosecurity.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 19 Nov 2010 01:31:20 -0500 (EST)
>>> EHLO vm.taosecurity.com
250-vm.taosecurity.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=58
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 oAJ6VKaj021400 Message accepted for delivery
taosecurity@gmail.com... Sent (oAJ6VKaj021400 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 vm.taosecurity.com closing connection

vm# grep oAJ6VKaj021400 /var/log/maillog

Nov 19 01:31:20 vm sm-mta[21400]: oAJ6VKaj021400: from=,
size=393, class=0, nrcpts=1, msgid=<201011190631.oAJ6VKlp021399@vm.taosecurity.com>,
proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]

Nov 19 01:31:20 vm sendmail[21399]: oAJ6VKlp021399: to=taosecurity@gmail.com, ctladdr=analyst
(1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30058, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent (oAJ6VKaj021400 Message accepted for delivery)

Nov 19 01:31:21 vm sm-mta[21402]: oAJ6VKaj021400: to=,
ctladdr= (1001/1001), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30393, relay=gmail-smtp-in.l.google.com. [74.125.91.27], dsn=2.0.0, stat=Sent
(OK 1290130290 g35si2521350qcs.118)

Second, the message from r200b succeeds (and I saw it in my Inbox).

r200b:/root# mail -v -s "From r200b" taosecurity@gmail.com
Test from r200b.
.
EOT
taosecurity@gmail.com... Connecting to [127.0.0.1] via relay...
220 r200b.taosecurity.com ESMTP Sendmail 8.14.4/8.14.4; Thu, 18 Nov 2010 20:31:01 -0500 (EST)
>>> EHLO r200b.taosecurity.com
250-r200b.taosecurity.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=64
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 oAJ1V1Xx063384 Message accepted for delivery
taosecurity@gmail.com... Sent (oAJ1V1Xx063384 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 r200b.taosecurity.com closing connection

r200b:/root# grep oAJ1V1Xx063384 /var/log/maillog

Nov 18 20:31:01 r200b sm-mta[63384]: oAJ1V1Xx063384: from=<
richard@r200b.taosecurity.com>, size=417, class=0, nrcpts=1, msgid=<
201011190131.oAJ1V1SP063383@r200b.taosecurity.com>, proto=ESMTP, daemon=Daemon0,
relay=localhost [127.0.0.1]

Nov 18 20:31:01 r200b sendmail[63383]: oAJ1V1SP063383: to=taosecurity@gmail.com, ctladdr=richard
(1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30064, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent (oAJ1V1Xx063384 Message accepted for delivery)

Nov 18 20:31:02 r200b sm-mta[63386]: oAJ1V1Xx063384: to=,
ctladdr= (1001/1001), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30417, relay=gmail-smtp-in.l.google.com. [74.125.91.27], dsn=2.0.0, stat=Sent
(OK 1290130252 m5si2493978qcu.183)

As you can see, both computers, vm and r200b, can send email fine to Gmail.

Now this will blow your mind. What happens when I manually send an email with the content of the periodic email that Gmail refused to accept from r200b?

Let's send it from vm, which so far has had no trouble talking to Gmail under any circumstances, whether sending manual email or its own periodic output.

vm# mail -v -s "From vm, fake periodic output for blog" taosecurity@gmail.com
Checking setuid files and devices:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

Checking login.conf permissions:

r200b.taosecurity.com kernel log messages:
+++ /tmp/security.QW4ZT9Yc.2010-11-18 20:07:29.000000000 -0500
+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled

r200b.taosecurity.com login failures:
Nov 17 07:51:58 r200b sshd[53170]: error: connect_to 73.128.35.11 port 80: failed.
Nov 17 07:52:02 r200b sshd[53170]: error: connect_to 73.128.35.11 port 80: failed.

r200b.taosecurity.com refused connections:

Checking for a current audit database:

Database created: Thu Nov 18 19:05:00 EST 2010

Checking for packages with security vulnerabilities:

0 problem(s) in your installed packages found.

-- End of security output --
.
EOT
taosecurity@gmail.com... Connecting to [127.0.0.1] via relay...
220 vm.taosecurity.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 19 Nov 2010 02:03:17 -0500 (EST)
>>> EHLO vm.taosecurity.com
250-vm.taosecurity.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=1026
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 oAJ73HIk021517 Message accepted for delivery
taosecurity@gmail.com... Sent (oAJ73HIk021517 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 vm.taosecurity.com closing connection

vm# grep oAJ73HIk021517 /var/log/maillog

Nov 19 02:03:17 vm sm-mta[21517]: oAJ73HIk021517: from=,
size=1361, class=0, nrcpts=1, msgid=<201011190703.oAJ73G8n021516@vm.taosecurity.com>,
proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]

Nov 19 02:03:17 vm sendmail[21516]: oAJ73G8n021516: to=taosecurity@gmail.com, ctladdr=analyst
(1001/1001), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=31026, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent (oAJ73HIk021517 Message accepted for delivery)

Nov 19 02:03:18 vm sm-mta[21519]: oAJ73HIk021517: to=,
ctladdr= (1001/1001), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=31361, relay=gmail-smtp-in.l.google.com. [74.125.91.27], dsn=5.0.0,
stat=Service unavailable

Nov 19 02:03:18 vm sm-mta[21519]: oAJ73HIk021517: oAJ73IIk021519: DSN: Service unavailable

What's up with that, Gmail? If I sniff the traffic I can see Gmail refuse it again:

074.125.091.027.00025-073.128.035.011.58727: 220 mx.google.com ESMTP o12si2579217qcs.143

073.128.035.011.58727-074.125.091.027.00025: EHLO vm.taosecurity.com

074.125.091.027.00025-073.128.035.011.58727: 250-mx.google.com at your service, [73.128.35.11]
250-SIZE 35651584
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING

073.128.035.011.58727-074.125.091.027.00025: MAIL From: SIZE=1361

073.128.035.011.58727-074.125.091.027.00025: MAIL From: SIZE=1361

074.125.091.027.00025-073.128.035.011.58727: 250 2.1.0 OK o12si2579217qcs.143

073.128.035.011.58727-074.125.091.027.00025: RCPT To:
DATA

074.125.091.027.00025-073.128.035.011.58727: 250 2.1.5 OK o12si2579217qcs.143
354 Go ahead o12si2579217qcs.143

073.128.035.011.58727-074.125.091.027.00025: Received: from vm.taosecurity.com (localhost [127.0.0.1])
.by vm.taosecurity.com (8.14.4/8.14.4) with ESMTP id oAJ73HIk021517
.for ; Fri, 19 Nov 2010 02:03:17 -0500 (EST)
.(envelope-from analyst@vm.taosecurity.com)
Received: (from root@localhost)
.by vm.taosecurity.com (8.14.4/8.14.4/Submit) id oAJ73G8n021516
.for taosecurity@gmail.com; Fri, 19 Nov 2010 02:03:16 -0500 (EST)
.(envelope-from analyst)
Date: Fri, 19 Nov 2010 02:03:16 -0500 (EST)
From: analyst
Message-Id: <201011190703.oAJ73G8n021516@vm.taosecurity.com>
To: taosecurity@gmail.com
Subject: From vm, fake periodic output for blog

Checking setuid files and devices:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

Checking login.conf permissions:

r200b.taosecurity.com kernel log messages:
+++ /tmp/security.QW4ZT9Yc.2010-11-18 20:07:29.000000000 -0500
+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled
+bge0: promiscuous mode disabled
+bge0: promiscuous mode enabled

r200b.taosecurity.com login failures:
Nov 17 07:51:58 r200b sshd[53170]: error: connect_to 73.128.35.11 port 80: failed.
Nov 17 07:52:02 r200b sshd[53170]: error: connect_to 73.128.35.11 port 80: failed.

r200b.taosecurity.com refused connections

Checking for a current audit database:

Database created: Thu Nov 18 19:05:00 EST 2010

Checking for packages with security vulnerabilities:

0 problem(s) in your installed packages found.

-- End of security output --

073.128.035.011.58727-074.125.091.027.00025: .

074.125.091.027.00025-073.128.035.011.58727: 550-5.7.1 [73.128.35.11] The IP you're using to send mail is not authorized to
550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
550-5.7.1 service provider instead. Learn more at
550 5.7.1 http://mail.google.com/support/bin/answer.py?answer=10336 o12si2579217qcs.143

073.128.035.011.58727-074.125.091.027.00025: QUIT

The transcript ends with the bogus "The IP you're using to send mail is not authorized to send email directly to our servers." message. So what's the bottom line?

Gmail appears to be filtering email based on content, providing a bogus "The IP you're using to send mail is not authorized to send email directly to our servers." message.

Does anyone have another explanation? I would love to hear it. Thank you.

Incidentally, I am considering workarounds that WOULD use my ISP's SMTP server and hopefully avoid this problem. Also, I don't expect to see this issue using the Gmail Web interface. It must be a filter Gmail applies when users talk to their SMTP servers directly.
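
The argument in this post turns on where in the SMTP dialogue the 550 arrives: after the end-of-data dot, when the server already holds the whole message. As an added example (not code from the original post), this Python sketch reads Tcpflow-style console output and reports the stage at which the first 4xx/5xx reply was sent; the function name, hostnames and documentation-range addresses in the sample transcripts are constructed.

```python
import re

# tcpflow console prefix: zero-padded "srcip.srcport-dstip.dstport: payload"
PREFIX = re.compile(r"^(?:\d{3}\.){4}(\d{5})-(?:\d{3}\.){4}\d{5}: ?(.*)$")
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
VERBS = {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "QUIT"}


def rejection_stage(transcript, server_port=25):
    """Return (stage, code, text) of the first 4xx/5xx reply, else None."""
    pending = ["connect"]      # commands still awaiting a reply (PIPELINING)
    sender, in_data, text = None, False, []
    for raw in transcript.splitlines():
        m = PREFIX.match(raw)
        if m:                  # new segment: the source port says who spoke
            sender = "server" if int(m.group(1)) == server_port else "client"
            line = m.group(2)
        else:                  # continuation line of the current segment
            line = raw
        if sender == "client":
            words = line.split()
            if in_data:
                if line == ".":            # end-of-data marker
                    in_data = False
                    pending.append("end-of-data")
            elif words and words[0].upper() in VERBS:
                pending.append(words[0].upper())
        elif sender == "server":
            r = REPLY.match(line)
            if not r:
                continue
            code, sep, rest = r.groups()
            text.append(rest)
            if sep == "-":                 # multi-line reply continues
                continue
            stage = pending.pop(0) if pending else "unknown"
            reply_text, text = " ".join(text), []
            if code == "354":              # server now expects the body
                in_data = True
            if code[0] in "45":
                return stage, code, reply_text
    return None


# Constructed sample sessions (documentation addresses, abridged bodies).
S = "198.051.100.025.00025-192.000.002.010.40001: "   # server to client
C = "192.000.002.010.40001-198.051.100.025.00025: "   # client to server
HEAD = (S + "220 mx.example.net ESMTP\n"
        + C + "EHLO host.example.org\n"
        + S + "250-mx.example.net at your service\n250-8BITMIME\n250 PIPELINING\n"
        + C + "MAIL From:<root@host.example.org> SIZE=400\n"
        + S + "250 2.1.0 OK\n"
        + C + "RCPT To:<user@example.net>\nDATA\n")
BODY = (S + "250 2.1.5 OK\n354 Go ahead\n"
        + C + "Subject: security run output\n\n+bge0: promiscuous mode enabled\n"
        + C + ".\n")
ACCEPTED = (HEAD + BODY + S + "250 2.0.0 OK\n" + C + "QUIT\n"
            + S + "221 2.0.0 closing connection\n")
REJECTED_AFTER_DATA = (HEAD + BODY
                       + S + "550-5.7.1 The IP you're using to send mail is not authorized to\n"
                       + "550 5.7.1 send email directly to our servers.\n"
                       + C + "QUIT\n")
REJECTED_AT_RCPT = HEAD + S + "550 5.7.1 relaying denied\n"

if __name__ == "__main__":
    for name in ("ACCEPTED", "REJECTED_AFTER_DATA", "REJECTED_AT_RCPT"):
        print(name, rejection_stage(globals()[name]))
```

A result of `end-of-data` means the envelope (MAIL, RCPT) was accepted from that address and the refusal came only once the content had been transmitted, whatever the reply text says.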