Thursday, November 13, 2008

Makes the blood boil.

So if I haven't already ranted at you in some way shape or form, you may not know of the Australian government's short-sighted plan to add us to the ranks of oppressive regimes such as Iran and China. In fact that is unfair as Iran's proxy is considered to be looser than the one Senator Conroy wants to implement.
The long and short of it is that Conroy wants to restrict what pages are available to Australian internet users. Sure it is for the kids (won't someone think of the children)… But as I have said to people I would rather my children see the entirety of the disgusting underbelly of the internet than have one single thought provoking site blocked. Not to mention the degradation to performance in a country that is already considered one of the worst in the world for connectivity. In Sweden groups appealed to the government saying 100mbps is welfare. Here most people are still on 1/200th that speed, and with Conroys plan that 1/200th would lose anywhere from 2-80% of its speed, welcome back to dial-up days.
There are a plethora of sites that are likely to be blocked because they aren't "kid" friendly. June next year you will probably see the below when going to user content generated sites such as Youtube and Facebook:

Here is a news flash senator; kids get hold of porn even if you restrict it, even in the pre-internet days. So what your doing will only have negative effects. Parents with no IT knowledge will have a false sense of security and not monitor their kids browsing habits, these same kids will find ways round your precious filter, and these methods that will become popular may even make it harder for parents and educators to monitor their usage.
The filter will slow down internet access and again the people with little IT knowledge will have no idea how to get around it for legitimate sites that are blocked. Then there is the cost which you are expecting ISP's to mostly cover off their own bat, which will increase internet costs in a country that already pays too much for too little.
Way to go Senator you deserve your award:

I feel lost; I don't know what to do. I feel as though someone has decided freedom of information is a bad idea, so let's mandate it. Then what do you do. Once the book burning starts it is hard to stop.
I have emailed the Senator and his opponents, and the letters are in the mail.
I urge everyone to look at the following sites and take action: http://nocleanfeed.com your silence is all they need to pass this and then you are no better than them.
Peace out all, except Conroy and his supporters who can just unplug their computers, televisions, and burn their books for the same effect they are trying to mandate.


PS: I am starting up a dedicated security Blog as I want to separate the two, this of course crosses both blogs so expect to see it on both. My new Security blog is linked on the left or here: http://security.morganstorey.com

Monday, September 29, 2008

Lets get Physical

On the way back from a very interesting an informative Microsoft Security Summit the other day and I noticed something that caught my eye.
Too many people concentrate on the hardware and software, and leave gaps. Gaps in the physical security, or gaps in the training of staff.
This photo shows off both.
29/09/2008
Seems a cleaner at the train station near me had left the door open to the area that she kept her cleaning supplies, the same area that had a rack with server, fibre switch, ethernet switch, patchpanel and other miscelania. Whats that you spy, yep the rack door is unlocked too. Click click and a bad guy is on the network, just plug in a wireless router and see what traffic you can capture, doesn't matter if this network is firewalled the best in the world, or even airgapped, game over.
Back on the security conference I attended it was very interesting, it was all covered under an NDA, except the bit at the end which I already talked about. I am starting a security group in Sydney, sponsored by Microsoft. So Jeff Alexander let everyone know, I had a heap of business cards handed over for people that wanted to be kept in the loop, it is very exciting that we have this much interest already.
Well Peace out all, and please lock your racks and don't put them in a room with a sink for the cleaner to use.

Monday, September 15, 2008

Sydney IT Security Group

So I had a chat with Jeff about starting up a Security group in Sydney similar to counterparts in Canberra,Melbourne, and Brisbane.
It is really a great opportunity and I have been looking for a security group in Sydney for years now, making do with going to security topics at other groups. I don't think it will detract from these other groups just expand on the security theme, going places other groups may not want to go as they are too focussed.
I'd like to get some comments here on what people would like to see and what night etc, but people rarely comment on my blog. So I will setup a site for the group shortly and we can duke it out there.
Peace out all.

Wednesday, August 27, 2008

Pretty lights

More on DNS I know. May as well be another person beating a dead horse. But I give you pretty: http://www.doxpara.com/?p=1206
It is a video of the patched and not patched world wide. It intrigues me that there is a blinking light on the map of Australia about 3 hours north of Adelaide, I doubt it is Alice Springs, to south, maybe Coober Peadie if my geography serves.
Onto some more supposition by me (mainly in reply to Dan [the guy who discovered the Researched the DNS flaw] here);
I agree with what has been said, that we need more security on an inherintly in-secure network. But some (percieved) anonymity and some plain text is good, and what the internet is all about.
Could you imagine every site moving to https, for starters what is the point, who needs to read my blog through an encrypted channel? Really why, I don't really have any direct post functionality, and only a handful of readers, it is not like I am directing them to blindly do anything either.
Onto DNS, I was thinking the other day of another way to fix the issue. Deploy a port knocking technique on the reply based on the query, so that ports would have to be knocked in the correct order on the DNS server pre accepting back the lookup. Similar to the way a person gets into a safe, knowing the numbers isn't good enough you need to know the sequence. This would stop NAT being an issue as the DNS server can make the request out on all ports getting an auto map back on these ports. And would be more secure as the attacker would have to guess the right ports to knock on the way back, or read the request and then generate the reply and reply back, but if they can do that they are already in the middle and its game is over.
What do you think?
Peace out all, especially Dan, good job.

Thursday, August 14, 2008

DNS woes continue... sorta

So as I said, and the original discoverer Dan said, it was just a patch. Not a fix, not a be-all and end all solution. A temporary patch. We already know some nat devices break the patch's fix. But from the looks here and here it can be broken. The first link even details how, but there is a caveat. It is not easy, and a lot of bandwidth with low latency is required.
The first article explains how they did it over Gige in 10 hours. So most DNS servers that are doing resolves for clients, are probably not even on 20mbs of bandwidth, and latency 10+ times that of ethernet, not including the clients themselves causing some load. So you could say it would take 10+ times longer to do this over the internet, so 100hours. Someone will hopefully notice at around hour 20… But it isn't that simple, what if some baddie hits a server with a mere 100 clients... (Most botnets are 10 times this size). Chaos again. We need a better fix. I mentioned before some kind of signed DNS, I am the first to admit I have gaps in my knowledge as I have never heard of DNSSEC, now I that have listened to the Blackhat talk I have heard about it. I had a quick look at wikipedia and the official site and it is interesting. Of course windows servers only support it as a secondary, also the glaring-hole of non NSEC3 servers allowing enumeration of sites is just plain silly. Seriously just hash The users request domain “Not Found” and add it to the RFC, done.
I think it should include the option for encrypting replies, may as well, could be useful for higher secure organisations.
This is a very real and very now threat, there are at least two pieces of software out there to attack it, one being the very good, but very newbie friendly metasploit.
Well I am pretty much just re-iterating and expanding on my comments on darknet but there you go.
Peace out all.

Geoffrey talking, and going loopy

So Geoffrey gave me a heart attack today (not literally) Fiona came in to have lunch with me and we went to the park. It was a lot of fun and really shows how he will talk if he wants something, "up again" kept coming when he wanted me to pick him up to the flying fox.
But the scary bit was when we were having fun, I was pushing him on the swing, when he decided to flip forward just after I had pushed back, he flipped over fortunately caught by the chain as he was in the little kids swing. I lunged forward and caught him... phewww.
Other than that is was a lovely lunch, Marion brought beautiful ham sandwiches and soft-drink, and Geoffrey and I ran around the play equipment like madmen.

Sunday, August 10, 2008

Social Engineering

I think possibly the equal first security threat facing all business today is that of Social engineering. I say equal first, because a lot of insider threats would probably fall under this banner. The employee, lets say his name is John calls up the helpdesk, he tells them his name is Sam, and that he has forgotten his password. You of course see where I am going with this, the helpdesk happily resets Sam's password, John knows Sam is out to a long lunch and has access to files he doesn't. He logs in as Sam, gets the files he needs and then logs out, maybe even leaving a post-it on Sams screen saying the helpdesk had to reset his password to blah, so the helpdesk doesn't get another call and get suspicious.
John know has all the files on his cheap USB disk, or in hard copy and does with them whatever it is nefarious people do with data to make a buck.
I have seen mitigation techniques for the one I mentioned above, all users have a password reset word, something they wouldn't have as a password and stored in plain-text for the helpdesk to see. This will mitigate it, unless John says he forgot it and to send someone down, the helpdesk guy may not know John or Sam, and as long as John is in Sam's office still acting like he owns the place he will probably get away with it.
Social Engineering is scary for another reason in that even non-technical users can do it. I remember I had a client once who had a relitively new employee call up asking for some permissions to files he needed for work. I knew his role was to do with those files and I knew his voice over the phone (as funnily enough he had moved from one client to another). Still I decided to call his manager to get the ok. She didn't give it, and was a bit distrubed that he had asked for the access. Horray one for the good guys.
Have a look here at how easily some guys doing a sprite commercial pulled off some non-harmful social engineering.
Here is a very thourough article on the subject.
And here is my first shirt design on cafepress, totally on topic.
Really though combine some social engineering with technical knowledge the smarts to think of the good-guys mitigation techniques and the connections to make money off your exploits and you have a major foe to be reaconed with.
I think in future we will need to audit our people as much as we do our security systems. Having someone who won't suffer the repricussions of the law come in randomly and do spot checks would keep people on their toes, but it also comes down to having the personal touch, knowing people by name, by their voice, by their face. Maybe the solution is smaller decentralised IT departments, say one for each department and at least one at each site, this lessens the body of knowledge but increases the likelyhood of the staff member knowing the other. I don't know, someone will come up with a solution eventually.
I have decided to use tags to seperate the posts, so no more personal stuff in the security tagged posts.
Peace out all.

Off to the zoo

So today we went to the Zoo and Geoffrey let something interesting go. He knows how old he is about to be. When asked when he felt like it he replied with are hearty THREEEE. Ahh it is good to see. It has been about six months since his operation and he is picking up new things everyday.
Anne is walking and has added to her repitore of Mama and Dada and Baba other interesting little noises and words. She got a new little outfit that was terribly cute, a pair of stockings with a bustle at the back, to go perfectly with her little yellow dress with pedicoat. We had lots of fun at the zoo before the down-pour began.
Speaking of downpours I heard it snowed again in NSW, just south of Wollongong last week. That makes two 100+year events in the last few weeks, the weather certainly is variable at the moment. I heard a good saying the other day "Climate is what you expect, weather is what you get", it certainly is what we have been getting lately: Short bursts of rain, followed by nice hot days, when will it end.
Peace out all

Friday, July 25, 2008

DNS Vulnerability

There has been some speculation and even backlash on the internet about the recent DNS vulnerability, I posted about it here. Interestingly some people are saying that the vulnerability should have been disclosed when discovered.
This is plain silly. To put it in simple terms with a car analogy (I love car analogies); if a saftey tester discovers that every single Toyota Corolla on the market (the number one selling car, 35million world wide) bursts into flames (props to fight club, note: Corollas don't afaik) if you crash at exactly 35 kilometers per hour. If he just posts this on his blog a few things will happen; everyone will know in about two seconds. The next day 35million Corolla owners will demand a refund, either destroying or severly damaging Toyota and its employees, and hooligans will wander around car parks with sledghammers hoping to hit one with the lucky 35kph speed.Basically what I am saying in a rather confused and overly long analogy is if this had been disclosed pre-vendor patch-release their would have been lost confidence in the whole internet, there would be lost jobs and money from the lost
confidence alone. Then the real fun would begin, prior to the patch being released someone would write a script to take advantage of the vulnerability, this script would then be morphed into several gui tools, and every script kiddie and his bot army would take down sites worldwide for fun and profit.
I am not saying it would have been an internet dooms-day, it could have, but the internet is pretty robust. But it would have been very damaging had the vendor patch not been released, there would have been loss of income and loss of jobs.
I agree with the way it was done, but maybe it could have been done a little sooner if you do a google search DNS cache poisoning is not new in the slightest, have a look at the wiki article. Birthday attacks are a common similar variant, I have even been involved with a cache poisoning issue a couple of times, first back in 2003. Both times I couldn't capture the culprit, there was just too many packets to wade through, but the problems were solved.
I do agree with what I have now read, maybe we need to move across to some kind of signed DNS, either SSL Dns or some kind of signed cert, like gpg and its signed keys.
We could setup the root servers all with a cert or signed key that all DNS servers are set to trust, just roll it into an update or new DNS installs then slowly cut over, then if you want to say use your ISP's servers as forwarders you could simply implictly trust the key or they could buy a signed cert (I can hear Verisign/Thawte licking there lips from here).
Supposedly due to some disclosure there maybe a script kiddie tool out soon to exploit this vulnerability, and with most NAT devices (see routers) turning patched servers into vulnerable ones and some of these routers not being patched/patchable it is only a matter of time. So everyone PATCH your servers please.
In other news, today was a snow day...yay. That won't be exciting for most northern hemisphere residents, but us here in the southern hemisphere, rarely see snow. We would have got about an inch or two, so Geoffrey and Anne saw snow for the first times in their lives; see my Flickr here, and see the video I uploaded to my Youtube here.
Peace out all, even those naysayers that say snow ain't cool.

Monday, July 21, 2008

Here be dragons


If you haven't seen this yet have a look. Yes the brilliant webcomic xkcd sometime ago did a Map of the internet, I used to have this posted on my wall at work so the newer employees could come have a look when they were visiting to ask a question, it really shows how immense it all is.
But then while looking at one of my bookmarks on network security using darknets for a post on an internet forum I found this: a map of malisciousness. Awesome. It really is interesting to see the concentrations of either compromised machines or general evil-doers in the world. The thing that gets me and got me when I first looked at it was why is the 10.0.0.0 range have so many hits, its a private range, then I looked closer. Why are a few of the "bogan" address ranges getting hits. The only thing I can think is IP spoofing, and if so who would spoof a 10 address. Why not spoof 1.3.3.7 (fun) or something else, everyone knows 10 is internal... anyway post your thoughts.
Oh yeah we haven't quite won the DNS thing yet either. The multi-vendor patch was just that a patch, there are still inherent flaws in the system. Like the new one disclosed with DNS that passes through NAT (see most DNS servers as NAT means some decent IP sharing) it is annoying but it is a fight we have to keep on. See here for the article. It is basically NAT routers being lazy and not letting the port be the random one that the DNS server wants it to be. This randomness doesn't make DNS invulnerable to the poisoning attack I mentioned earlier, it just makes it much, much harder. So to have some routers (people like netgear don't release patches after it is 5+ years old) destory the hard work must be really annoying.
Yep I am dedicating this blog now to more security related topics like the one above. I am still going to keep an update on the kids and all things family. Like little Anne who all of sudden decided she didn't want to be immobile and is not only started crawling in the last few weeks but also pulling herself up to stand and also taking little steps (as long as her hand is held, or holding on to something). She has even said Mama, and what sounded like more after she stole a biscuit from me.
Geoffrey is really coming along too, he is saying Daddy and Mommy more and more, and when annoyed Morgan and Fiona come out too.
Peace out all, except those to Lazy to fix their NAT code.

Sunday, July 13, 2008

DNS vulnerabilites and Sydney IT Security Group


101 posts, yay.


Not really as I imported all those journal entries from 2003 and before, so it is more.
On family news, Anne is trying to walk, and Geoffrey is in potty training. She is only 9 months old, and only crawls when on carpet but she is stubborn. She sees Geoffrey walk and wants to run after him, she pulls herself up onto the coffee table or kiddie couch and looks around, heck she even tries to stand on the spot; which just means she ends up with her bum in the air, her legs straight and her hands stretched down to the ground to steady herself.
I have been going at my new job now for a few weeks and am starting to get the hang of some things. It is a little odd though with all of the people in my team being in a different state than me, and having met none of them other than my boss Jamie, who came up my first week to train me.
I am getting to know the guys in the different groups around me, from technical services, and Infrastructure. We play table tennis on Fridays and I am not the worst one here...YAY.
This is why we run Linux at home: (even Billy G has issues with Windows) , you want to install something, no need to run a web browser to find all the bits you need. Then hunt, hunt, fill out a form telling them your name, date of birth and pant size. Just either apt-get install "program name" and it gets all the stuff it needs. Or run synaptic.
*Now onto security.
As you may or may not have heard there was a big update released for basically the whole internet. See here and here for a test of your own dns.
Basically it boils down to a bad guy being able to put incorrect entries into your ISP or works DNS cache that would point you to the wrong site. So instead of going to google.com it could take you to a hackers version, or whatever. This would also effect email.
Now this kind of thing does happen occasionally, but this was seen as such a big issue (it could basically destroy the internet if unchecked and unpatched), that CERT who handles these issues let all the Vendors and developers know. Giving them time to write a patch for release on the same day. Very, very impressive.
Not only Microsoft but Unix, Linux, BSD , Cisco, Checkpoint, all of them released a patch for their varied DNS implementations. Yahoo who uses an older *nix implementation of DNS, Bind8 managed to simply comit to abandoning it in favour of the newer patched Bind9.
The question I put forward, is this finally a time of security as an institution. Security how it should be done, globablly. Sure it is still relying on Admins at the other end, but with Auto updates being the norm, it should be fine. This to me seems a step in the right direction, and I am sure even a couple years ago this wouldn't have happened. Will this one day lead us to a security utopia free of vulnerabilites and insecurites, no. But it may lead to sharing and assistance cross platform.
Speaking of security, there is talk of an IT Security group being started up in Sydney, and I maybe taking the reigns. It will be sponsored by Microsoft but if I take the reigns I plan on being vendor neutral, all-be-it Microsoft has some nice claims to fame, and even with all their foibles and hatred that is flung at them, they do try and do some stuff right. Operating systems are tools, you should use the right tool for the right job.
Peace out all, specially those lovely CERT engineers.

Sunday, June 22, 2008

The times they are a changing.


I have decided to remove the old standard picture up the top to make the blog more central. It has been there since I had my website on geocities in 97, so it is over 10 years now.
Other changes have happened. I got a new job and have started: Internal to a company as a Security specialist. I started Wednesday. So far it has been a very good experience, almost everything I have seen has been setup in a way that I would do, which is a good sign. Even have a table tennis table and I am not the worse player in the IT team.
In other news Marion bought us a yearly Zoo pass so Geoffrey, Anne, Fiona and myself have gone to the Zoo a couple of times now, check my flickr for some of the photos. Another photo you will spot there is our care hitting 666km.. heheh. It has gone well beyond that ominous number now, and even had it's first service.
Today we had a nice morning tea with Anthea and Michael, and Geoffrey was sad to see them go. Geoffrey has started drawing and painting, he has chalk and loves chalking the coffee table, so I am looking over at our chalked table... He is cute, he has started playing mummy and daddy against each other too, when one of us says no, he looks at the other for input.
Well I guess that is enough of my inane ramblings.
Peace out all.

Thursday, May 22, 2008

Happy birthday to me


So my birthday has been and gone, probably not the best in memory, but it happens. I did however get a new job, in dedicated security, which is awesome. We also got our new car, a Hyundai Elantra.
Anne is now crawling, and Geoffrey is talking more and more when he feels like it, saying things like thankyou, and apple, best yet has been trying to say helicopter he said applecopter.
My site is now hosted externally and backed up to my servers at home, as our power bill and the heat in (even though it is winter) in the server room was ridiculous. When I have time and more money, I will get the site back locally, but the superb performance of Google apps has really turned me towards outsourcing the hosting of our stuff, it is not like there is any data in our email or websites that is confidential.
I even found an add-on for firefox that allows me to use GPG through my google apps, so that is soon to be setup with my old morganstorey.com key.
Scary change in the world of security, see here. The good ole US of A, has decided to pass legislation that all devices that can store data coming into the USA can be copied in its entirety to their storage. This data can be kept indefinitely. I am sure this will mean that it will be indexed, anything encrypted will be brute forced and broken, and hey some senator may make a fortune when he sells it on to marketers, spammers, and the like.
The general consensus is to backup, delete then wipe your drive of pretty much any personal data or corporate data, something like eraser works well here, then simply fetch the data over some kind of VPN or secure connection from your server when you need it. People have even gone to lengths of removing their "home" hard drive, and plugging in their "traveling to the Draconian states of America" drive.
Sure their could be some terrorist smuggling in data on how to build a bomb... there could be but couldn't he/she just surf the net and find 70billion ways to do this when he gets into the country.
I can see how this is going to increase the need for teleconferencing, and reduce people's desire to take business trips to the USA. It is already happening with some companies moving their head office's elsewhere in the world.
Well Peace out all, especially the American's they need it the most.

Monday, April 28, 2008

Happy birthday Anthea


Sorry for not calling I have been flat out with work, then home to more work... lovely, but it pays the bills I'll call tomorrow I promise.
In other news Anne has started holding onto stuff and sorta standing for a second before Mummy catches her, gonna post a picture to my flickr now. Oh yeah I got flickr and youtube , and facebook . Yay I am (cringe) web 2.0.
Well I am beyond exhausted now, I had 5 hours sleep last night and have been working since 8am, so I am off to bed.
Peace out all.

Saturday, April 26, 2008

Movement at the station


So I have decided to finally signup for google apps. Previously I had my DNS provider forwarding my mail to my gmail account, a temporary measure as my mail server was down. But now I see no point having my own mail server, especially when google apps is free, and has more redundancy (7 mail servers!) than I could ever offer.
I also had an issue that my DNS provider had implemented a draconian and over zealous spam filter, who checks that the reverse DNS matches the sender domain, sheesh. Other than this debacle they have been pretty good.
Problem was I have about 18months of email that I needed moved across. Sure I could just forward from googleapps to gmail, but whats the point of that. Now how to move it across. I found a nice guide here, but it needed some tweaking to run on my home server, I didn't have enough email (or money) to justify running it on the amazon compute cloud. Below is how I did it on my new Ubuntu Hardy Heron Server.

as I am ssh'd into my server, I ran screen
#screen
#apt-get install imapsync make unzip lynx
#cpan
cpan> install Date::Manip
#vim run-imapsync.sh


now type/copy and paste in the below and save it (escape+:wq)

#!/bin/bash
COUNTER=0
while [ $COUNTER -lt 10 ]; do
echo The counter is $COUNTER
imapsync --host1 imap.gmail.com \
--port1 993 --user1 morganstorey@gmail.com \
--passfile1 ./passfile1 --ssl1 \
--host2 imap.gmail.com \
--port2 993 --user2 me@morganstorey.com \
--passfile2 ./passfile2 --ssl2 \
--syncinternaldates --split1 100 --split2 100 \
--authmech1 LOGIN --authmech2 LOGIN \
--regexmess 's/Delivered-To: morganstorey\@gmail.com/Delivered-To: me\@morganstorey.com/g' \
--regexmess 's///g' \
--regexmess 's/Subject:(\s*)\n/Subject: (no--subject)$1\n/g' \
--regexmess 's/Subject: ([Rr][Ee]):(\s*)\n/Subject: $1: (no--subject)$2\n/g'
let COUNTER=COUNTER+1
sleep 10m
done


save it (escape+:wq)

chmod 740 run-imapsync.sh
./run-imapsync.sh


A bit of explanation on the changes I made, I removed a -maxage 1 from the script as that was only pulling down emails 1 day or newer in age. I also added the loop so that it would repeat the process to make sure all mail is gotten, and I added the sleep as the original article put it you don't want to hammer the google IMAP servers or they will block you.

Then just export the calendar to ICS and import on the Google apps one, export the contacts to CSV and import to the new Google apps, and just in case there are any people emailing your google address direct set it to forward to your new google apps and your done.

I also intend eventually to use some other method to backup Fionas and My google mail at regular intervals, not because I don't trust google (hey I am posting this through blogger, and get most of my news through google news, or my google rss reader), but becasue I like having backups.

This is all even more humorous, when I tell you the book I am reading at the moment; The Google Story, by David A. Vise. Ryan from work loaned it to me, and there is now a time limit on reading it as he has given his notice.

Well sorry about the long and technical post, I am starting to do them a bit more now, but well see, I am sure this blog will get back to its usual unusual ramblings.

Peace out all, especially the bright cookies at the Googleplex worldwide.

Tuesday, April 22, 2008

Quick Post


I post this as I go over the Sydney harbour bridge, yep got my nokia n95 mobile working on ubuntu, was pretty easy once I worked it out, config below for prosperity. Ubiquitous internets, I love the world we live in.

First my phone is plugged in via usb, bluetooth is good and all but this means I can use my phone for music at the same time.
you need to install wvidail
then run wvdial conf
then edit the /etc/wvdial.conf to the below.

[Dialer Defaults]
Modem = /dev/ttyACM0
Baud = 1152000
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Phone = *99#
Username = vf
Password = vf
Init3 = AT+CGDCONT=1,"IP","vfinternet.au";
Stupid Mode = 1

Gotta go about to go into tunnel.
Peace out all.

Saturday, April 19, 2008

Hey nice set a wheels


Today we bought a new car. A Hyundai Elantra. You know you are getting old when not once in a car sale conversation power or speed come up. It was all about saftey. I will say one thing the salesmen at Hyundai in Pennant Hills do a damn good job, they had has a pegged and sold on every feature they suggested.
So in two weeks we should have some new wheels, with more room for the little ones, and a bit more power and fuel economy for us. We plan on keeping it for as long as possible which is why we went the new car, and a 5 year unlimited Kilometer warranty really got us.
In other news I am really liking admining my new server. It is so easy now to admin apache and bind. I didn't even get around to installing a web admin package everything by hand is easier. Heh and again deny-hosts did its thing and blocked some compromised zombies, or script kiddies. People really need to program there bots better, trying username: "root" and password: "password" repeatedly till you are blocked is about a smart as piece of granite.
Peace out all, even those on the darkside; the botmasters.

Tuesday, April 15, 2008

It's been a long time..I shouldn't have left you.

Lets see if I even remember how to do this
So it has been since November the year before last since I last posted. Admittedly my server did die, and I never got around to having time to fix it. Well now I have. New server, faster, better, stronger.
There has been a lot of change in the last 18+months. Geoffrey has a Sister; Anne Storey. Both are growing, and Geoffrey has started talking. All-be-it intermittently. He had an issue with his ears that we have fixed and now He says a plethora of things, his favorite, being numbers. He can count all the way to ten and back again, and we believe he can even read numbers. They are the universal language so I couldn't be more proud.
Anne has grown up a lot in the last 6months, it is incredible. She seems to be trying to communicate through raspberries. She is definitely Geoffrey's sister they are as cute as each other. She is enamored with her brother desperately watching him run around the room, and laughing at his antics, he even tries to make her laugh or gives her a hug or Eskimo kiss, when he isn't trying to steal her dummy.
Fiona has finished her first semester in Law and is loving it, as I knew she would.
I am still working as an IT consultant with Insight, and I finally finished my MCSE (Microsoft Certified Systems Engineer, you may ask why this server is hosted on Linux, well just cause I know MS doesn't mean I prefer it), not only that but I did my Security specialization. Yay ME. I am now working towards my CCNA, and my lab is getting better and larger and larger.
Seems more like that was a recap than a blog post, which I guess it was.
Peace out all.
eXTReMe Tracker