I’ll Tell You What…

So I’m sitting there at work minding my own business when a co-worker walks up and tells me that the “powers-that-be” are testing the security of the UNIX/Linux systems by intentionally doing things that trigger events in our audit logs. I just roll my eyes and think happy thoughts for a minute or two while the situation sinks in. It’s never a good idea to let non-technical people do technical things unsupervised, I think. I’m told that “they” are just trying to make sure that everything we say that we review during a weekly audit gets reviewed. That’s ok. I would hate for someone to gundeck the logs and miss something important. That someone would learn an alternate meaning to “man on the street” I can assure you.

Anyway, much of what we see come to the UNIX/Linux side of the house with regards to security policy comes from the Windows side and the plethora of problems that are encountered there. One thing that is checked is date/time continuity. Let me first say that I am all for ensuring that the time does NOT change in any way except via ntp. Any other change in the date/time of the machine indicates tampering and warrants further investigation.

If you have used a Windows computer for any length of time you’ve discovered the wonders that is the Windows Clock on the Taskbar (also known as the Date and Time Properties). It is one the most useful items in Windows (any version). This thing has been around for so many years that it’s use is part of everyday (or every other day) computer life. Imagine, if you will, an email from a co-worker asking if you can attend a concert or sporting event on a particular date. Your first thought is, “What day of the week is that?” That’s usually my first thought. What’s the quickest way to find out? Yep. Double-click the clock in the Taskbar and check the visual calendar. Virtually everyone I know has done this a few times in their life.

Now imagine a situation where you would not want people to change the date/time because you log important events that are security relevant. One of the programs you would lock down is the Date and Time Properties. Now, if anyone tried to change the time by double-clicking the clock he or she would be told that he or she did not have permission to do that. Also, an event would be logged for the auditor to find. I can’t remember the event number off hand. My point is that this warning and subsequent event can be avoided (for the most part) if another policy were set in place removing the clock in the Taskbar altogether! It’s not that hard to do and can be pushed down from your domain controller so you don’t have to touch each machine.

In the Windows registry (XP or Vista), look for the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

It should be there but if not just create it. In fact, it may be in a couple of places. F3 is your friend.

If you examine this key, you will see a few of No* DWORDs. You will want to look for NoTrayItemsDisplay in particular because setting that value to 1 (TRUE) will prevent the Taskbar from displaying all the mini-icons on the right-hand side. If this 32-bit DWORD does not exist just create it.

Once you have logged off and back on the little annoying icons should be gone. They’re still running but the mini-icons are block from being shown.

Save yourself a headache or tow or three or four and set that key so the auditors can look for the really important date/time events such as 520 and 577 (assuming that Audit privilege use is set in your Audit Policy)!

Some of the things Bruce Schneier says reminds me of me. In his latest commentary in Wired.com, Bruce points out that it takes a different kind of person to see through security-tinted glasses.

So I’ve been wondering lately about programming languages.  I’d like to thoroughly learn one but I’m stuck as to which one.  Over the years I’ve used many different languages from a variety of BASICs to Pascal to Perl to Java and so on but I’ve never really sat down to dive in head first and learn it as if my job depended on it.

I don’t really see a future for me using BASIC even though RealBASIC looks really nice given that it’s a cross platform compiler.  If I were writing programs and selling them it would probably be the way to go.  I just don’t see how it would benefit my career any at the moment.

The company I work for uses Ada is many of their programs.  I’ve taken the internal course and like the structure of the language.  In fact, I think that it looks an awful lot like Pascal.  They appear to share various key words and such.  But as I look at the newer programs and the requirements in the job market I
just don’t see myself going there.

I took a Fortran class in college and received the dubious honor of being the only one in class that thought the language looked like BASIC.  My instructor took offense to my half-joking comments but I had an almost perfect score in the class so he didn’t say much about it.    That was 16 or 17 years ago (yikes!) and I never used the language outside the class so I think it’s safe to say that Fortran is off the list.

PHP is just a hobby language for me because the only thing I’ve used it for is my own website.  It’s not used hardly at all at work.  I did make a file browser-type application for some friends but that’s about it.  There are several things I like about the language.

I almost forgot my OS/2 days and REXX.  The only thing worth while I did with REXX was to write a desktop background changer that stored the history  in extended attributes.  I thought it was cool.

A few languages that I’ve looked into but never really got very far (disclaimer: I have studied them enough to perform code walk-throughs while providing meaningful input): C, C++.

This just leaves Perl, Python and Java.  Of the three, I have the most experience with Perl.  In fact, my employer has sent me to classes to study the subject.  We have a ton of home-grown applications written in Perl.  The most complicated program I’ve written is server-client application that checked with NIS to check on password expiration on successful user log in.  There are plenty of opportunities to make use of Perl expertise but they would be limited to server maintenance, which isn’t all bad I assure you.  Is this skill portable?  As a sys admin, yes but there just aren’t that many jobs needing Perl programmers.

There’s not much Python expertise where I work, unfortunately, but there are some groups that use Mentor Graphics and Python appears to be integrated fairly well.  I bought a book to learn Python a while back and have been slowly reading through it and trying it out.  I really like the structure and object oriented code that’s used.  What I really like is the idea that one would code for maintainability and readability!  I know a Perl programmer or two that write code at such a level that it can’t hardly be maintained at all.  I look at the code and think that it’s overly complicated.  To be honest, I just wanted to check it out to see why so many Perl guys hate Python so much.  As I search around the Internet there appears to be more Python programmer positions that Perl but there’s still not a huge demand for them.

A few years back (5 or 6), I was in between projects at work and thought that I might learn Java since I had heard that an upcoming major contract was going to need Java programmers.  It was web-based and pseudo-interactive with a somewhat limited amount of knowledge to convey.  However, it did whet my appetite concerning objects and GUI programming.  I think I spent 2 months studying Java but, in spite of my enthusiasm and constant nagging, my manager never approached the software engineering group about a job. Being too good can prevent you from expanding your horizons, evidently.  Anyway, the whole episode just depressed me and I trudged on like a good corporate robot.  That was then.

The reason I’m even bringing it up now is that the IT group in my division is laying a few folks off across the corporation (50 total) and even though I’m not on “the list” I’ve been looking anyway.  What I’ve found is an over abundance of Java positions and some of them are fairly high paying jobs.  In fact, some of them even require a certification such as CISSP of which I am a holder. 

I think for now I’ll just do some Python and Java reading with the hope that one of them will jump out at me and say, “I’m the one you’ve been looking for.”  We’ll see what happens.

Very interesting Blizzard and World of Warcraft data.

09 f9 
11 02 
9d 74 
e3 5b 
d8 41 
56 c5 
63 56 
88 c0

IBM DeveloperWorks has put together a list of 10 good UNIX usage habits. From the article:

Adopt 10 good habits that improve your UNIX® command line efficiency — and break away from bad usage patterns in the process. This article takes you step-by-step through several good, but too often neglected, techniques for command-line operations. Learn about common errors and how to overcome them, so you can learn exactly why these UNIX habits are worth picking up.

Good stuff to know if you work in a UNIX-like environment such as Solaris, Linux, Mac OS X, etc.

A chinese company has claimed that they have cracked the Skype protocol enabling them to create compatible applications and, more importantly, enable the Chinese government to tighten its grip on free speech in China by blocking voice-over-IP connections from certain parts of the world.

From CIO Tech Informer:

By cracking the Skype protocol, the company claims it can also block Skype voice traffic, Paglee said. “They could literally turn the lights off on Skype in China very, very quickly,” said Paglee, who is also a lawyer and engineer, speaking from California on Friday.

The company could transfer the technology to the Chinese government, which has continually sought ways to tighten its filtering and control over the Internet. So far, the company doesn’t have any plans to market its blocking capabilities, Paglee said.

The company claims it can block calls by exploiting Skype software functions, he said. Skype’s software taps users’ computers to route calls. Paglee said the Chinese company can detect, map and block the computers that are passing on calls, and in doing so shut down Skype calls.

The company, however, has not been able to decrypt the phone calls passing through those computers and listen in because of the complicated encryption keys used during calls, Paglee said.

“Skype’s conversations are still secure, but what’s not secure is their present business model of using everybody else’s computer to propagate the Skype network,” Paglee said.

Well, at least they can’t listen to the conversations. I’m sure there would be mass arrests made by the Chinese government if they could.

I’m not sure what I expected from their get together. Hu Jintao and Bill Gates pat each other on the back.

And in other news. Yahoo! may have helped China jail another journalist. This will be Yahoo!’s third assist in the capture of a journalist. Way to go, Yahoo!

The 10.4.6 update for Mac OS X has been released. This is a big update (~140 MB for PPC and ~192 MB for Intel) and fixes many problems. A smaller (~65 MB for PPC or ~163 MB for Intel) 10.4.5 to 10.4.6 update file is also available on the Downloads page. Just run Software Update on your Mac and tell it to install or you can download the update file manually if you have a computer that is not connected to the Internet.

Here comes yet another patent infringement headline. AT&T has started threatening companies in order to license it’s MPEG-4 technology. AT&T is targeting companies such as Apple, CyberLink, DivX, InterVideo, and Sonic Solutions as having unlicensed products that use their technology.

Just what the world needs: more software patent lawsuits.

The more I read about China the more I’m convinced that companies are only concerned with making a buck and could care less what China does to its own people.

It looks as if China is becoming the Big Brother of George Orwell’s 1984.

Just testing out a new Mac OS X Tiger widget called RapidMetaBlog. I really like the interface to this one. It seems really polished and well laid out.