Posted: August 30th, 2009 | Author: Matt | Filed under: mac | Tags: mac, review, snow leopard | No Comments »
There seems to be a big hubbub about the new release of Mac OS X 10.6, code named “Snow Leopard”. Rumours flying around the Interweb about anti-virus, Exchange integration and all that. I will be covering none of that. I will give you my impressions of the OS from my now rather brief interactions with it.
Installation.
After spending the R329 at the rather useless but very easy to spend millions iStore at Gateway, you get a very skinny, but as with everything Apple, very pretty DVD case with some gumph about the awesome that is Snow Leopard, a couple of stickers and the install DVD.
The install itself was a breeze. After running through the fix permissions stuff in Onyx as suggested by the sloping fore-headed man at the aforementioned iStore the actual install took roughly an hour. After which you reboot into the Snow Leopard desktop. I must mention that I only had 9Gig left on my 13″ MacBook so the fact that the install went through without a hitch is a big green tick to Apple and their techies…
The desktop itself shows no major changes to the previous iteration of Mac OS X. It does seem to be a bit snappier. Finder opens that little bit quicker and yes, I do have around 6Gig more space than when I started. That’s a big plus in my books.
Quicktime has got a major work over and it now looks much snazzier. Which is, as we all know, a major plus for everyone, because we all use Quicktime every day.
Day to day stuff
On a daily basis I use the following to get through my day…
- Microsoft Office 2008
- Tunnelblick
- Things
- Path Finder
- Truecrypt
- Vmware (and this was the important one)
I could go through the list of everything I use on a daily basis, but that would make for a very boring blog post to be honest. I have checked with the above list and it all seems to be working fine. I am working through my SANS course with the Tunnelblick, I’ve sent through a couple of emails and Vmware seems to be behaving itself. Big plus there…
So what doesn’t work ?
On my system ? Nothing doesn’t work. There were a couple of little things like the iStat Menus which I used, but that’s really not a show stopper. If anything, my machine is a little snappier, a little quicker off the mark but I have absolutely no technical proof of this. Sorry.
It’s the little things
Terminal. Terminal has a little button on the top right that looks like a little split screen. Click that little bad boy and you get…a split terminal screen. Awesome !!! For people like me it’s a very cool little add-on. It’ll be interesting to see how this works over the next few days.
So yeah. So far so good. Snow Leopard isn’t a major overhaul of the OS. But it was never meant to be. It was a fine tuning of the OS. A refining process. And from my point of view, it seems to have worked. I’ll keep you posted on how it goes over the course of the week. No doubt I will be very vocal on Twitter if anything goes awry….
Posted: August 26th, 2009 | Author: Matt | Filed under: One Liners | Tags: epoch, one liner, scriptable | No Comments »
Ever had the problem, perhaps with Squid access logs of getting human readable time from the printed Epoch time ? I know I have. And I always forget to save this one….
perl -e 'print scalar(gmtime(1251265859.690)), "\n"'
That’ll print the human readable time for 1251265859.690. Very handy….
You’re welcome.
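The same conversion applied to a whole Squid access log, as an added example that is not part of the original post. It assumes Squid's native log format, where every line begins with epoch seconds and milliseconds; the sample lines and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Native Squid access.log lines start with "<epoch seconds>.<milliseconds>".
STAMP = re.compile(r"^(\d{9,10})\.(\d{1,3})(\s.*)?$", re.S)

# Constructed sample input: two native-format entries and one stray line.
SAMPLE = [
    "1251265859.690    120 192.0.2.10 TCP_MISS/200 4512 GET "
    "http://example.com/ - DIRECT/198.51.100.7 text/html",
    "1251265860.012      3 192.0.2.11 TCP_DENIED/403 1408 CONNECT "
    "example.org:443 - NONE/- text/html",
    "squid restarted by operator",
]


def humanize(line):
    """Rewrite the leading epoch stamp as a UTC ISO-8601 time.

    Lines that do not start with an epoch stamp come back unchanged,
    so stray or truncated entries are never silently dropped.
    """
    line = line.rstrip("\n")
    m = STAMP.match(line)
    if not m:
        return line
    secs, frac, rest = m.group(1), m.group(2), m.group(3) or ""
    # Convert only the integer seconds and keep the fraction as text,
    # so float rounding can never alter the logged milliseconds.
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    return f"{when:%Y-%m-%dT%H:%M:%S}.{frac.ljust(3, '0')}Z{rest}"


def convert(lines):
    """Apply humanize() to every line of a log, preserving order."""
    return [humanize(line) for line in lines]


if __name__ == "__main__":
    for entry in convert(SAMPLE):
        print(entry)
```

Keeping the output in UTC, as the perl one-liner does with gmtime, makes it easier to line the proxy log up against other log sources.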
Posted: August 26th, 2009 | Author: Matt | Filed under: Education, InfoSec | Tags: Education, review, SANS | No Comments »
SANS a French preposition meaning “without”
I’m probably just going to end up sounding like a completely besotted fan boy who’s looking for some free stuff or perhaps a night on the town with some older lady in a satin dress. What I’m really trying to do is let people know about the SANS training. A lot of people are probably trying to decide whether or not to spend the rather large amounts of money required to go on SANS training. Hopefully this will answer a few questions and clear up any doubt. I am not affiliated with SANS, they aren’t giving me free stuff and no one from SANS is going to take me out for a night on the town. In a nutshell, you’re going to get an unbiased opinion.
I am currently doing the SANS SEC560 – Network Penetration Testing and Ethical Hacking course via the SANS @Home / vLive. This means I have to wake up at 1am because silly me forgot to check the times that it runs in the States versus the times it is here in merry old South Africa. Good times.
Classes
You sign into Elluminate via Java Web Start which is a little scary considering the recent Apple / Java stuff. What you get is a paned “browser” type setup with the main focus on the slides they will be showing that evening in the class. There is another with a list of all the people in the class with a section to enter your questions. When the class runs you are able to ask questions / post opinions etc. to the entire class and have them answered in real time. Very cool. The instructors talk through the slides, giving opinions, “watch out for this” and other such goodness. There was even a case the one night when Bryce Galbraith opened and shared his terminal window with the class just to show us something and drive the point home. I find this way of learning so much better than the usual book worming as I battle to just read through books or slides and then work through exercises.
Exercises
Yes, there are exercises, LOTS of them. You are given VPN access into “The Lab” where SANS have setup various machines for you to scan, exploit and generally play around with. Very cool. No reading about “oh, here this is what a scan looks like”, you actually run the scans yourself from a virtual image with all the tools required already installed. Did I say “image” ? Yes, you get a pre-configured Vmware image to run with all the various tools already installed and ready to run. No messing around trying to get stuff working 5 minutes before class. Oh, and the access to the “test” servers ? Awesome. Fire up the VPN, and run through the exercises in real time. Learn by doing…
Instructors
The current class is being run by John Strand, Ed Skoudis and Galbraith. I’m not going to say any more on these guys. Let’s just say they all engage the class completely. Questions from the class are answered promptly and accurately. If they can’t be answered an email is sent and the answer is given either at the end of class or in the next one. I’ve sent Ed and John a couple of emails both about the course material and a couple of “off topic” queries and both times I had an answer in my Inbox the next day.
So yeah, in conclusion, if you’re thinking about taking a SANS course or trying to decide between SANS and perhaps another provider, go with SANS. You won’t be disappointed. I for one cannot wait until I can go on some more training. Probably sometime in the year 2025 because of the Rand/Dollar problem, but we can only hope.
Thanks Ed, John and Bryce. You guys rock.
Posted: August 25th, 2009 | Author: Matt | Filed under: Conferences, InfoSec, Travel | Tags: cons, defcon, my views | No Comments »
How does one write a decent article about DefCon ? How do you truly convey the madness and all out chaos that is the weekend of DefCon to someone who likely hasn’t been ? I have NO idea. I’m going to attempt this, it’s probably going to fail miserably and you are going to think me mildly insane. I can, however, simplify this for you into one word.
GO!
Yes, it’s that good. If you are in any way interested in security or even networking (and not just the type with Cat5e cables) go. But I’m getting ahead of myself.
Prep
There are a number of differing opinions on the matter. Some people bring a vast array of hardware to play around with in the hardware hacking village, some people bring machines to attempt to spread malware and break into other people’s machines. Heck, some people even brought along a fake ATM machine to skim your banking details from you, but that’s beside the point. What it all boils down to at the end of the day is you are going to be connecting to what is considered to be THE most hostile computer network on the planet. End of story. This is drummed home by the dreaded Wall of Sheep. If you transmit ANYTHING over the DefCon network that isn’t encrypted, your credentials AND host you are connecting to are posted, in real time, to this “wall”. Not fun. That’s not to say someone isn’t going to be messing with your connection even if it is encrypted. Moxie had an awesome talk on how SSL is broken, check it out on the Blackhat Archives here. There were discussions on various forums and mailing lists as to what hardware to take and what precautions to use to ensure that you weren’t “pwned” along the way. I personally set up an EEPC 701 with a hardened copy of Linux and VPN software to connect out. Did I use this ? No. I ended up bringing along my trusty 13″ Macbook simply because I couldn’t afford to be disconnected from the Office 10000Km away. No, I did not connect to the DefCon network…In fact my machine stayed off for the duration of DefCon as there was simply far too much to do that didn’t require a working notebook. We will get to that.
Goons
Before going any further it’s worth mentioning the Goons. These are the guys and girls who attend DefCon and herd the many thousands of hackers around the conference. They have the most unenviable job out there. Not only do they miss all the talks and general shenanigans, but they have to ensure that we GET to see the talks and don’t end up killing ourselves by bungee jumping from the roof. I have no complaints about the Goons. They did an awesome job and while some could complain that they were a bunch of hard-asses, look at it from their perspective. I’d also be pretty gruff and terse if I had to deal with a crowd like that.
So, what’s going on ?
What goes on at DefCon besides the 5 rooms with various talks ? Well you have your choice of the following:
- Hardware Hacking Village
- Lock Pick Village
- CTF Arena
- Competition Floor / Food area
- Vendor Area
- Sky Boxes
- Big Room with old hardware and Team Fortress 2 Arena
- Chillout Lounge with DJ’s
So yeah, there’s A LOT to do. I checked out most of it. Got my hands dirty learning to pick locks. Played a little team fortress 2 against people I didn’t know. Attended the micro talks in the Sky boxes, bought “cool stuff” from the vendor area, checked out the teams competing in the Binjitsu CTF event, ate some really expensive food in the food area, took it easy to some great tunes in the chill out lounge and went to the Pauldotcom private party. Yes. I did. It was awesome. The PDC crew are a fantastic bunch. Had beers with Mick, spoke to John Strand about the course I was thinking about taking upon my return, got a t-shirt signed and generally had an awesome evening. The podcasters meetup was the same evening. It was surreal seeing all the guys I listen to on a weekly basis up close. Then getting to shake hands, swap business cards and have a cold beer with them once the recording stopped. Insane.
Talks, what talks ?!
Apparently they have talks at these conferences. Yes, I went to a lot of them. But DefCon isn’t just about talks and learning things most people wouldn’t want to know in their life time. It’s about the parties and meeting people. And after 18h00 that’s exactly what happens. The doors open (or close) and there are any number of after hours “events” to go to. Being alone and not knowing anyone “in the loop” I didn’t do much. But hey, I hear there were some scary things going on around the Riviera that weekend.
No, really, what talks ?
Yeah, the talks were all outstanding. The problem is (as I found out the hard way at Blackhat) there are so many great talks going on at the same time, it’s difficult to see everything. And believe me, you want to see everything.
Stand outs for me included:
But really, to go on and list all the great talks is just silly. There are so many great ones it’s so difficult to pick and choose.
What I found is that you would get 90% through the day and end up either meeting some random person (Johnny Long in my case) and spend the remainder talking “shop”. Someone said to me prior to heading over to Vegas that with the big conferences like Blackhat and DefCon you didn’t get to meet the speakers or anything like that. I don’t know if I lucked out but I spoke to so many of the guys I wanted to chat to. Hell, I even got two seconds with DT himself. I think he may have thought I was a little crazy because it was late on Sunday afternoon when I spoke to him and I may have been a little hopped up on energy drinks and fried chicken.
Wrapping up…
I could ramble on about this for ages as for me it was the highlight of the year. Both DefCon and Blackhat were so amazing, so much fun and at the same time, so humbling, I don’t think I could ever forget the experience in a hurry. To answer many people’s question to me upon returning: yes, go. Go if it’s the last thing you do. You will learn so much, be inspired by what you learn, by the people you meet and by what you get to do yourself. I for one will be doing everything in my power to get back there next year, hopefully with a couple of friends this time.
Posted: August 22nd, 2009 | Author: Matt | Filed under: One Liners | Tags: helpful, mac, one liner | No Comments »
Having a problem with cached DNS queries on your Mac ?
Fire up a terminal window and run the following command:
dscacheutil -flushcache
This will flush your DNS cache and you should be “A for Away” as they say back in the old country…
Have a grand evening.