For some time now, when we trace back network scans, the originators of phishing attacks and other types of illicit network traffic, we've found all too often that the trail ends at the Great Wall of China. Basically, if the IP address is a Chinese IP then more than likely nothing will ever be done about it, you will never get a response to an inquiry, and you will essentially be laughed at if you do anything more than block the IP or the subnet. It has gotten to the point where, when you see those entries in the logs or in reports, you think "this must be some drive-by," and while you give the nefarious traffic the attention it deserves, you know that for the most part you're just wasting your time.
The Chinese People’s Liberation Army (PLA) is actively developing a capability for computer network operations (CNO) and is creating the strategic guidance, tools and trained personnel necessary to employ it in support of traditional warfighting disciplines.
It's a well-produced document, and well worth the read if you have time:
But Northrop Grumman isn't just publishing reports. The CSO of the organization, Timothy McKnight, is actually doing interviews backing it up. If you are interested in information security, and more specifically in cyber-warfare, then this is a story worth following, although for most of us it will have few real-world implications for the foreseeable future.
One thing to try, especially if you get an error that Mac OS X is 'Unable to launch the application,' is to do a Get Info (Command-I with the application selected) on the application and then check the box for 'Open in 32-bit mode'. I have actually found running applications in 32-bit mode to resolve 3 different issues, only one of which was with Final Cut Server. Anyway, hope this helps someone else!
I got a message telling me that I have reached the maximum number of Facebook friends allowed. Apparently one is not allowed to have more than 5,000 friends. Go figure. Therefore, over the course of the next few weeks I'll be trying to whittle that list down. If I inadvertently remove anyone then feel free to re-add me, but if we haven't actually met in person, please try to indicate why you're adding me so I know it isn't spam.
I've been experimenting with some of the new developmental stuff in Moodle 2.0. The first thing that struck me was that the navigation is much better. It's uniform throughout the pages, and it seems like a lot of attention was paid to making the menus, and how blocks appear and are laid out, look and feel much better. There are also a number of new features for managing courses and blocks, including:
Built-in Progress tracking
Forced paths through a course
Conditional course completion
Enhanced testing and grading systems
Built-in RSS aggregation
Built-in blogging tool
A backup program that was actually able to back up my whole Moodle environment
Updated wiki engine that looks and feels much better
Oh, and you can flag questions… Not sure what I think of that one though. Anyway, just some initial thoughts. Moodle 2.0 won’t be out until the end of the year, but if you go ahead and start regression testing it, you might be able to do an upgrade over the summer!
Troubleshooting RADIUS is a crappy task. But crappy articles don't help:
To be more specific, the debug mode flag is -X (not sure why that was so hard). With -X, radiusd runs in single-server mode in the foreground, so the process does not fork. You can also use the lowercase -x (which is included in -X), or -xx for further granularity. To put the launchd item into debug mode you would therefore find the /System/Library/LaunchDaemons/org.freeradius.radiusd.plist file (only created once you've fired up RADIUS, btw). From there, locate the array that invokes the command:
Change the -sf to a -X, or add an x or two in there as needed. I've also had to enable core dumps for troubleshooting RADIUS, which means editing the /etc/raddb/radiusd.conf file, looking for allow_core_dumps and changing it from = no to = yes. Anyway, just finishing their article for them as my own little core dump to you.
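The two edits above, scripted so they are repeatable: this is an added example, not code from the original post or from the FreeRADIUS project. The paths are the ones the post names; the plist and radiusd.conf contents below are constructed stand-ins written to a temporary directory so the script can be run anywhere as a dry run, and the launchctl reload at the end is left as a comment for the real box.

```shell
#!/bin/sh
# Added example, not from the original post: switch the FreeRADIUS launchd
# job into debug mode and enable core dumps with repeatable sed edits.
# The paths are the ones the post names; the file contents below are
# constructed stand-ins so the script can be run anywhere as a dry run.

# Replace radiusd's current flag argument (-sf, -X, -x, -xx ...) in the
# launchd plist with the requested one. -X already implies -s and -f, so
# launchd still gets a foreground, non-forking process.
set_radiusd_debug_flag() {
    p="$1"; flag="$2"
    sed -i.bak "s|<string>-[sfxX]*</string>|<string>${flag}</string>|" "$p" \
        && rm -f "${p}.bak"
    grep -q "<string>${flag}</string>" "$p"
}

# Print the flag radiusd is currently launched with, for confirmation.
current_radiusd_flag() {
    sed -n 's|.*<string>\(-[sfxX]*\)</string>.*|\1|p' "$1" | head -n 1
}

# Set allow_core_dumps = yes|no in radiusd.conf, preserving its indentation.
set_allow_core_dumps() {
    c="$1"; v="$2"
    sed -i.bak -E "s/^([[:space:]]*allow_core_dumps[[:space:]]*=[[:space:]]*)(yes|no)/\1${v}/" "$c" \
        && rm -f "${c}.bak"
    grep -Eq "^[[:space:]]*allow_core_dumps[[:space:]]*=[[:space:]]*${v}\$" "$c"
}

# Constructed copies of the two files (stand-ins for the real paths).
demo=$(mktemp -d)
plist="$demo/org.freeradius.radiusd.plist"   # /System/Library/LaunchDaemons/org.freeradius.radiusd.plist
conf="$demo/radiusd.conf"                     # /etc/raddb/radiusd.conf
cat > "$plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.freeradius.radiusd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/sbin/radiusd</string>
        <string>-sf</string>
    </array>
</dict>
</plist>
EOF
cat > "$conf" <<'EOF'
# constructed excerpt of radiusd.conf
allow_core_dumps = no
EOF

set_radiusd_debug_flag "$plist" -X
set_allow_core_dumps "$conf" yes
echo "radiusd now launched with: $(current_radiusd_flag "$plist")"
grep allow_core_dumps "$conf"
# On the real box, reload the job afterwards:
#   sudo launchctl unload /System/Library/LaunchDaemons/org.freeradius.radiusd.plist
#   sudo launchctl load  /System/Library/LaunchDaemons/org.freeradius.radiusd.plist
```

Because -X implies both -s and -f, swapping it in for -sf keeps radiusd in the foreground, which launchd requires; the sed pattern also accepts -x and -xx so the same function can step the verbosity back down when you are done.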
Microsoft is opening a few retail stores in the upcoming months, with the first having launched just last week in Scottsdale, Arizona. The stores are similar in appearance to the Apple stores that can be found around the country, which has garnered much criticism. Although if you find a formula that works, then you find a formula that works. Imitation is the sincerest form of flattery, right?
A number of videos have surfaced on YouTube showcasing the new store, although this seems to be the most informative regarding the products and layout of the store.
Overall, this is very interesting to me, although I don’t have any opinion either way about it. It simply is what it is…
While it's not one of my books, my publisher does have a new book coming out right now called iPhone Advanced Projects, which I've been perusing and must say that I am pretty darn impressed with. In the publisher's words:
iPhone Advanced Projects, the third book in our project series, takes on the more advanced aspects of iPhone development. The first generation of iPhone applications has hit the App Store, and now it’s time to optimize performance, streamline the user interface, and make every successful iPhone app that much more sophisticated.
Paired with Apress’s bestselling Beginning iPhone 3 Development: Exploring the iPhone SDK, you’ll have everything you need to create the next great iPhone app that everyone is talking about.
They also have iPhone Cool Projects and iPhone User Interface Design Projects, as well as a few others. There is some really great information within the covers of these books. I haven’t had time to read them cover to cover but have borrowed some of their sample code for my own projects!
Found this nice little tool called ScriptSaver today. Basically, when the screen saver in Mac OS X is activated and/or deactivated it will run an AppleScript. The AppleScript can call a shell script, or you can write an application in AppleScript and choose it from within the script.
The developer has also made some sample AppleScripts available for use with ScriptSaver. For my purpose I just wanted to quit Safari, so I used an AppleScript of:
tell application "Safari"
    quit
end tell
However, I could just as easily have used
One of the most important aspects of performing forensics work in Mac OS X is to write-block the volumes that you are inspecting in order to maintain the chain of custody for the evidence (or potential evidence). One way to do this is to use a physical write blocker, so that when you plug a USB, SATA, eSATA or other type of drive into the write blocker you are only presented with a read-only volume on the computer. For example, some good write blockers can be found at Digital Intelligence. WiebeTech also makes a nice USB device for write blocking on the Mac.
But this can get kinda pricey, because you often need to carry around a ton of fairly expensive devices to have one of each type that is required. So many choose to use software. On the Mac you can disable disk arbitration (the daemon that automatically mounts drives) by moving the /System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist file to another location, or simply by stopping the LaunchDaemon. You can then mount volumes manually. But chances are this will become cumbersome. So BlackBag Technologies has announced SoftBlock, write-blocking software for the Mac that provides GUI control over the mounting and management of devices at the kernel level of Mac OS X.
When you plug a device into your computer, SoftBlock identifies it and then lets you select whether to mount it read-only or read-write. This is pretty similar in nature to how the Faronics DeviceFilter works, except that instead of centralized management controlling whether you can mount a device in the first place, this tool lets a user control how each device will mount. Both are great tools, and they're apples and oranges, except for the fact that both appear to be built on the same concept.
Overall, I'm excited to see BlackBag release SoftBlock and happy to be testing it in my lab right now!