Thoughts of an Angel
 
So, I'm embarking on my first "real" Java project (er, so I want to do this in Java).  This project is in the form of an application that helps control inventory.  For every time the barcode on a box is scanned, the inventory count decrements by one.  I've got the algorithm and the arithmetic involved down.  I just don't know how to get the Java application to recognize USB input (such as something like a mouse).  So now I inquire: how would you go about doing this?

Thanks,
Angela Fox
 
 
Due to some needed correction, I have redone the test and made sure that they both came from the same servers (thanks, Billy!).
[Picture: Google Chrome]
[Picture: IE9]

Eh...they have their trade-offs, it looks like. 

My guess would be that, given that we were on a Microsoft network in Atlanta, something was configured specifically for the browser, IE9.  Still, "kudos" to Microsoft for making their browser a great deal better over time. 

I still maintain that Bing makes for an awful verb. 
Professional Tip of the Day: Now go Bing yourself.
 
 
Here's the Dropbox link to my pics from the event:
MSTechEd 2011 Photos

Cheers!
Angela Fox
 
 
I am in Texas again.   Here are the results:
[Picture: Google Chrome]
[Picture: IE9]

'Nuff said.

As for location, I am currently in Arlington, the sweaty and slow armpit of internet connectivity.  I only have to sit on a different side of a couch before my phone begins roaming.  And well, the router was $15 at a garage sale...and it's AT&T service (can someone say *blegh!*?).

I also noticed that IE9 had to draw from a different server, which I find interesting. 

Anyhow, g'day!
 
 
Now that I've had a chance to recover from travel, show off new swag, and catch up on the latest Doomsday news that unfortunately needlessly spams our Internet, I shall give a bit of a commentary on my past week in Atlanta, GA.  It has to be brief as the time where I go to the In-N-Out Burger that just opened in Frisco is fast-arriving (heck yeah!). 

I really liked the TechEd Conference.  It was a lot of fun.  A few of my initial impressions were a bit wrong. For instance, due to the three buildings it spanned throughout, it was often more of a track meet than a conference - but it was a very educational track meet.  I did not go to as many seminars as I had originally wanted to, but feel that I gained more from talking with some of the attendees and fellow staff members anyway.  I went to see the Keynote speaker who spoke for nearly two hours about the Cloud, and a couple of the security-related ones such as the Wireshark course, WiFi, and "Defense Against the Dark Arts" courses.  I found most of these informative, but I feel that I should have gauged the courses better to gain more, but that's for next year.  I learned a lot not only about the security of my technical network, but of my personal network.  By that, I mean to say, how to network with people.  I made new friends, found out about different types of businesses (I never would have actually thought that a third party business would make another's application run more efficiently.  Isn't this what the programmers themselves were supposed to do?).  I also learned a lot about techniques in my own job search.  I learned that I was smarter than I thought I was.  Out of it, I got a plan for at least the next five years of my life, which is not something many other college graduates can say they have.  This is priceless!  

I certainly will not leave this blog alone any time soon (though am considering a host change).    There will, however, be a few weeks where updates will be scarce as I finish my last class for my Bachelor's Degree (*happy dance and hallelujah chorus ensues*).  In the next couple of days, I hope to have some pictures up.

Meanwhile, cheers! 
Angel Fox

P.S: Just in case Pastor Crackpot is right and the Rapture really does happen
tonight: So long, and thanks for all the fish!
 
 
Randy Guthrie's Blog

Need I say more?
 
 
I know so many open source and Mac fanboys who will be angry with me after this...
[Picture: The SpeedTest results from Google Chrome.]
[Picture: The SpeedTest results from Internet Explorer 9.]

I actually tried both of these browsers in the speed test several times, but to no avail.  While specific results varied, the winner was clear.  What's interesting is that they both perform quite abysmally (compared to what this network is capable of giving out) when they are both open.  Chrome and IE do not get along (understandably).  I am not entirely sure how the processes in IE work, but I do know that in Chrome, there is a separate process open for every tab.  This may slow things down a bit. 

However, all of this is rather moot considering the guy next to me gets > 400 mbps.  It sounds like I need to figure out some network connection configurations.  I think I'll Goog...uh, Bing that. 

To make you open source and Mac fanboys happy, I will do the same test when I get back home to Texas.  I am willing to accept that something got rigged (though I doubt it).

-Angela Fox

P.S. I really like Microsoft in general (anyone who knows me knows this), but it sounds really wrong to "Bing" someone.  <*gasp!*  I did NO such thing!!>
 
 

Normally, I avoid "technical women's" events like the plague.  Most of them discuss either how to be a man or how to find other women and seclude themselves from the evil, gross, stinky, sex-ridden, and sometimes creepy men in their workplace (or so the impression seems to be).  So far, however, most of my experiences with working with men in IT and Sound Engineering (my first love) have been positive.  Then again, I'm a bit of a tomboy at heart.  I make friends easier with guys than most women - no drama, no super loud high-pitch squealing and/or screaming on excitement, they get right to the point when they speak (perfect for my attention span...or lack thereof), and being logically wired, most of what they say makes sense.  Men are just mentally wired differently from women.  And frankly, I feel that most women take on a sort of "victimized" mentality in the technical workplace by just automatically assuming that life is out to get them because they were born a woman.  Albeit, it is not easy sometimes.  It's even a little overwhelming at times when your thought process is not lined up with the rest of your team (i.e. left-brainers vs. right-brainers, process-oriented vs. detailed oriented).  It's really not that bad though.

Needless to say, this women's luncheon was quite good (as was the food, though I'm pretty sure my table was served last).  I enjoyed the panelists who were speaking.  They gave good advice to those of us who had questions about working in the industry from how to deal with male family members who are not supportive to how to get the men at work to take us seriously.  There was one question that I had that never got answered however, one of etiquette: I've never had so much problem working with men as I have dealing with their significant others.  For instance, when I started working at the Help Desk, my manager's wife (who is also IT, but different department) gave me the evil eye for the first several weeks.  It seems that after I became engaged, she's a great deal more friendly to me now.  I've come across this before in the work place.  I can't help it - I'm just naturally friendly.  It seems that the best anecdote is communication.  While there are still some women who are just naturally jealous, it usually at least helps to try to talk to the girl more than the guy while in the presence of both of them.  I know I'm not alone though.  When I told all the ladies at my table about this, they all were like, "Hey, that's my problem too!  I thought I was the only one who dealt with that!" I'm glad to know I'm not the only one with that problem.

If you're a guy, how do you suggest you deal with this?  If you're a girl, how do you deal with this? I'm interested in contrasting opinions. 

'Til next time.
Angela


 
 
I promise you that I did not come up with this title.  :)  It was our speaker Andy Malone who came up with this title.  He spoke about the 802.1x protocols, but mostly about others such as GPRS, WAP, Ricochet, Bluetooth, Blackberry, RFID, and NFC.

On Bluetooth - it is meant to be a cable replacement tool and it is a short range communicator (10m).

He then focused on RFID and how it can be hacked:
  • RFID tags can be cloned
  • Hacking tools are in Backtrack 4
  • Hardware is getting cheaper, which means that the interrogators (the RFID readers) are also getting cheaper
  • Hacked cards with authorized ID numbers can be used to unlock doors
  • And of course, all RFID tags can be read, some from many meters away

NFC - Near Field Communicator
  • It's a set of short-range technologies
  • Requires a distance of at least 4cm
  • There are ways to configure it through:
      • Emulation
      • Reader-active situations
      • P2P Mode - Two NFCs communicating together and exchanging information
  • Some security concerns with NFC include:
      • Difficult due to distance factors
      • It is a radio signal that can be picked up
      • Applications use cryptography protocols
      • They are susceptible to relay attacks
      • And of course, if you lose your phone, you've lost security of your wireless device

Some of the LAN security goals included:
  • Access Controls
  • Key management
  • No abuse of wireless network
  • Data Integrity - data packets are not modified during transit
  • Confidentiality - data packets are encrypted

The current wireless standards are as follows:
  • 802.11 WEP
  • 802.11 + 802.1x
  • 802.11 + WPA
  • 802.11 + WPA2
  • AES

Shared Key Authentication
  • Utilizes the challenge/response
  • Requires and matches key
  • Is very weak

WEP - Wired Equivalent Privacy...or not.
  • It also utilizes a shared key encryption
  • Initialization Vector = 24-bit
  • And it uses RC4 for encryption

TKIP was meant to improve WEP, but ultimately did not because it also uses the RC4 encryption algorithm.

So far, 
 
 
This session discussed the basics of capturing and analyzing network packets using Wireshark.  

First they briefly discussed potential legal issues.  For instance, one should be aware of the local and national laws concerning computer technology and cyber security.  One must have permission to capture and review traffic for purposes of troubleshooting, optimization, security, and application analysis.  I do believe that has to be permission in writing too...

One must know their chain of custody and create SHA1, RIPEMD160, or MD5 hashes of trace files one plans on using as evidence with capinfos - a command-line tool that comes with Wireshark.

I also learned that most bot-infected hosts and their Command and Control (C and C) servers can be detected by capturing and analyzing DNS responses.

One key point to note: to know whether or not your server is being attacked, you first have to know how your servers normally behave.  

Another point discussed was the responses of host-based firewalls.  Many of them simply come back with an ICMP response when they detect an invalid host attempting to access them.  However, a host-based firewall should NEVER actually send anything back, but just drop the connection if it is suspicious.  In other words, do not violate the #1 rule of the internet - do not feed the trolls.

Also, ARP does not get past routers for a lack of an IP header - no identification, no access.

Some Active Discovery Processes were discussed here:
  • ARP Scan - local only; can find "hidden" hosts
  • Ping scan - ICMP type 8/0
  • ACK Scan - TCP ACK - check firewall rules
  • FIN Scan - FIN - illogical TCP frame
  • Xmas Scan - FIN PUSH URG
  • Null Scan - No flags set
  • Maimon Scan - FIN/ACK
  • Idle Scan - Uses zombie; watches IP ID value
  • TCP Port Scan - stealth or full
  • UDP Port Scan - listening for ICMP responses
  • OS Fingerprinting Scan - TCP, UDP, ICMP Probes
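
An added example (not from the session or from Wireshark) of how the flag combinations in the list above can be picked out of captured traffic: it maps the TCP flags byte to the scan names listed and reports sources that send such segments, outside any handshake seen in the capture, to several ports. The packet tuples, addresses and the `min_ports` threshold are constructed for illustration.

```python
from collections import defaultdict

# TCP flag bits as they appear in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations from the list above; none of them opens a connection.
PROBE_PATTERNS = {
    0: "Null scan",
    FIN: "FIN scan",
    FIN | PSH | URG: "Xmas scan",
    FIN | ACK: "Maimon scan",
    ACK: "ACK scan",
}

# Constructed capture: (source, destination, destination port, TCP flags).
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", 443, SYN),        # ordinary client
    ("192.0.2.10", "198.51.100.5", 443, ACK),
    ("192.0.2.10", "198.51.100.5", 443, PSH | ACK),
    ("192.0.2.10", "198.51.100.5", 443, FIN | ACK),
    ("192.0.2.66", "198.51.100.5", 22, FIN | PSH | URG),
    ("192.0.2.66", "198.51.100.5", 80, FIN | PSH | URG),
    ("192.0.2.66", "198.51.100.5", 445, FIN | PSH | URG),
    ("192.0.2.77", "198.51.100.5", 25, 0),
    ("192.0.2.77", "198.51.100.5", 110, 0),
]

def find_probes(packets, min_ports=3):
    """Return {(src, scan_name): sorted ports} for sources that sent a probe
    pattern, outside any handshake seen so far, to at least min_ports ports."""
    handshakes = set()          # (src, dst, dport) flows opened with a SYN
    hits = defaultdict(set)
    for src, dst, dport, flags in packets:
        flow = (src, dst, dport)
        if flags & SYN:
            handshakes.add(flow)
            continue
        name = PROBE_PATTERNS.get(flags & 0x3F)
        # ACK and FIN/ACK are normal inside a connection we saw being opened.
        if name and flow not in handshakes:
            hits[(src, name)].add(dport)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_ports}

if __name__ == "__main__":
    print(find_probes(SAMPLE))
```

A capture that starts mid-connection will show ACK segments with no SYN before them, which is why the port-count threshold is there.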


Remember, the difference between reconnaissance and a breach is what they are used for.
Here are some of the signatures of traffic:
  • Unusual ports in use
  • Unusual protocols in use
  • High TCP "data" rate/Undissected traffic
  • Unusual conversation pairs
  • Unusual endpoints
  • High number of application failures/error responses
  • Higher-than-normal traffic rates
  • Higher-than-normal conversations per user
  • Traffic to/from illegal MAC or IP address

I also learned that a dark MAC address or dark IP address is a bogus address packet treated as a broadcast.  Consequently, the router simply keeps flooding the network in search of a machine that matches the MAC and/or IP address, but of course, never finds it.

I also learned how to create Coloring Rules.  Essentially, you tell it to find packets that meet a certain condition.  If they do, then you will notice them highlighted in the color you assign to that rule.  One suggestion is to assign your largest threats the color(s) that is/are most aggravating and/or certain to catch your attention.

And finally, I leave you with two pieces of advice:  
1) Try to stay away from using "!=" in your filter.  Instead, opt for "!(<insert condition here> == <insert compared condition here>)".  For instance, instead of:
if(x!=y), 

use

 if(!(x==y)).

2) When you look at your trace files, the data will come up as several characters.  Just know that the letter combination "MZ" should be treated as an executable file, because it is.  Be very careful with this, however.
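
On the first piece of advice: the difference shows up with fields that occur more than once in a packet, such as `ip.addr` (source and destination). The added example below (not Wireshark's code) models the "any occurrence" matching that Wireshark applied to `!=` when this was written, over three constructed packets; the helper names are hypothetical.

```python
# Constructed packets: "ip.addr" holds both the source and destination
# address, the way Wireshark's ip.addr field matches either one.
PACKETS = [
    {"no": 1, "ip.addr": ["10.0.0.5", "192.0.2.1"]},
    {"no": 2, "ip.addr": ["192.0.2.1", "10.0.0.5"]},
    {"no": 3, "ip.addr": ["192.0.2.1", "198.51.100.7"]},
]

def any_eq(pkt, field, value):
    """field == value: true if ANY occurrence of the field equals value."""
    return any(v == value for v in pkt[field])

def any_ne(pkt, field, value):
    """field != value under the 'any occurrence' rule (assumed model)."""
    return any(v != value for v in pkt[field])

def matching(pred):
    """Packet numbers for which the filter predicate is true."""
    return [p["no"] for p in PACKETS if pred(p)]

def exclude_host_with_ne(host):
    # Models: ip.addr != host
    return matching(lambda p: any_ne(p, "ip.addr", host))

def exclude_host_with_not_eq(host):
    # Models: !(ip.addr == host)
    return matching(lambda p: not any_eq(p, "ip.addr", host))

if __name__ == "__main__":
    # Goal: hide every packet to or from 10.0.0.5.
    print(exclude_host_with_ne("10.0.0.5"))      # hides nothing
    print(exclude_host_with_not_eq("10.0.0.5"))  # hides packets 1 and 2
```

Every packet has at least one address that is not 10.0.0.5, so the `!=` form lets all of them through and the host you meant to exclude stays in view.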

More to come later today!
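
On the second piece of advice above, about "MZ": the two letters also turn up in ordinary text, so a check on reassembled stream bytes can follow the DOS header's pointer and confirm that a `PE\0\0` signature sits where it says. This is an added example, not from the session; the sample byte strings and the `build_stub` helper are constructed for illustration.

```python
import struct

def find_pe_headers(payload: bytes):
    """Offsets of 'MZ' markers whose DOS header points at a PE signature."""
    hits = []
    pos = payload.find(b"MZ")
    while pos != -1:
        # The DOS header is 0x40 bytes; its last 4 bytes (offset 0x3C) hold
        # e_lfanew, the little-endian offset of the PE signature.
        if pos + 0x40 <= len(payload):
            (e_lfanew,) = struct.unpack_from("<I", payload, pos + 0x3C)
            sig = pos + e_lfanew
            # An out-of-range offset yields an empty slice, so no match.
            if payload[sig:sig + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = payload.find(b"MZ", pos + 1)
    return hits

def build_stub():
    """Constructed header-only stub: DOS header, padding, PE signature."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + bytes(0x40) + b"PE\x00\x00" + bytes(20)

# Constructed stream contents, as they might look after reassembly.
HTTP_HEADER = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
HTTP_WITH_EXE = HTTP_HEADER + build_stub()
TEXT_WITH_MZ = (b"GET /files/MZ-report.txt HTTP/1.1\r\n"
                b"Host: example.test\r\n\r\n" + b"x" * 64)

if __name__ == "__main__":
    print(find_pe_headers(HTTP_WITH_EXE))  # offset where the body starts
    print(find_pe_headers(TEXT_WITH_MZ))   # "MZ" in a URL is not a hit
```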