I totally agree. They started "monitoring" all email traffic here at work and I just started using secure shell tunnels back to my house. Between mutt and rdesktop I have all the access I ever need. And all the cisco weenie can see is garble.....
So you eat bacteria to kill a virus. (I thought viruses merged with your DNA...). But then you will probably have a reaction to the bacteria. Sooooo then they will give you a drug to fight the reaction. But then the drug will cause strange side effects. They will give you other drugs to fight the effects of the side effects. Thus giving you MORE side effects. (I am beginning to see a nasty pattern here...) So then you will probably get sick of this and try herbal remedies to ease the side effects. That won't work so you will take up drinking which will destroy your liver and give you heart disease... This will necessitate MORE drugs. (Repeat previous steps.) In the end you will still die anyways... At least it will keep you busy on the way though, eh?
Especially when they are on the forefront of human rights issues.... You can run over students with tanks and force sterilize women but hey let's be EXTRA CAREFUL that the weather goes good for the games...
I actually emailed SANS and asked if there were "scholarship" programs. Here is the text of my email and their response.
Delivered-To: dcooley@panicdump.org
Date: Wed, 5 Jun 2002 18:34:16 -0400
From: Beth Corcoran
To: dcooley@panicdump.org
Subject: Re: Payment Options
In-Reply-To:
User-Agent: Internet Messaging Program (IMP) 3.0
Quoting Don Cooley:
> SANS folks,
>
> I don't know how exactly to ask this so I will just explain my situation.
>
> I currently work at a startup dot com.
>
> They have cancelled all training and let go of everyone in IT except me.
>
> I am the lone Windows/Solaris/BSD/Linux admin. (I am learning wireless/Cisco
> also)
>
> I live in Denver. I would really LOVE to go to SANS this year.
>
> Do you have any scholarships for systems/security admins?
>
> I would also be willing to do data entry, technical reviews, (I have done one
> for O'Reilly)
> etc... "insert odd job" for the chance to go the SANS conference this year.
>
> Please let me know if there is any way I could *work off* the price of the
> tuition.
>
> Thanks for your time.
>
> Don Cooley
> Systems/Security Administrator
> http://www.panicdump.org
Hello! We do have a Volunteer program where you help the SANS staff "run" the
conference. You are required certain things, time, labor, etc., that other
attendees are not obligated to do. For more information, please visit
http://www.sans.org/conference/volunteer.php. The deadline to apply for SANS
Rocky Mountain is July 1. Please let me know if I can be of further
assistance.
Sincerely,
Beth Corcoran
Tuition Office Manager
The SANS Institute
tel: (540)548-0977
fax: (540)548-0957
beth@sans.org
www.sans.org
Just look for a SANS coming to a city near you and be a slave for a week.
I couldn't even get them to spend $60 for donation/t-shirts/posters ANYTHING to the OpenBSD/OpenSSH project. Cheap jerks. So I spent some money with them myself.... The wife looks good in an OpenBSD t-shirt...
The "security" admin there wanted to load F-Secure on everything. Except he didn't know how to load it. I was tasked with "implementing SSH..." I loaded OpenSSH on all the Sun boxes (90+). Loaded up putty for all the developers and started shutting off telnet/ftp. The F-Secure sales rep called me to see "how things were going". I told him we were going to go with OpenSSH. He asked about support... I laughed at him. 2 weeks later a major hole surfaced in SSH (OpenSSH was not vulnerable to this one.) and F-Secure was the LAST vendor to come out with a fix, ala 2+ weeks later.
I have OpenSSH running on my HPUX box, all my Sun boxes, all my Linux boxes, and of course my OpenBSD boxes. If OpenSSH is good enough for Sun/HP/Redhat it ought to be good enough for your managers. If not it might be time to go Bofh on them.... Just load it on there and then tell them you *didn't realize* it was already on there.... Then stuff them in a tape safe...
I totally agree... I needed experience with HPUX so bad that I bought my own HPUX server. (I already have a Sun and am looking at getting an RS600)
If you can't give them an onsite loaner then get them remote access to one. (i.e. a separate lab hanging off of a DSL line or something with secure shell access.) Network Appliance has a "walk in" lab here in Boulder that they let us "check out". Nothing beats hands on experience, and you will build goodwill with the admin community. It would also be advantageous to include a *cheap* training course with the product. With a bad market no one is spending extra money on training. A deeply discounted training course would get you brownie points with the admins too.
Don't worry I always carry an umbrella... I was busy getting a business degree while you were doing Netware. The job market sucks BIGTIME right now. I am at a dot.com that may soon turn into a dot.bomb. Hopefully I will find something before that happens. I have been looking hard for about 3 months now. I could have had 3 or 4 positions for security IF I wanted contract work. Any good suggestions where to look? The job boards are pretty much worthless. I appreciate any suggestions.
I live in Colorado and with 9/11 and all, the defense contractors are hiring like mad. The only problem is getting through their HR. (Horribly inept according to Engineers on the inside.) With a Republican stronghold you can expect defense contracts to be strong for the next couple of years at least.
SSH = VPN on the cheap! OR cheat the firewall... (on SSH, The Secure Shell · Score: 2)
I have a couple SSH gateways at work. Everyone else was struggling with the VPN and were having trouble getting stuff working. I started screwing around with port forwarding and now I work from home a lot. I am in charge of the Unix/Windows systems. TightVNC and rdesktop are my friends...
Theologically speaking no. In the realm of Theology "rising from the dead" always carries with it the idea of the *entire* person rising from the dead. (Body/Soul/Spirit) Without the personality/mind/memories it's just atoms grouped in the exact same form as a previous bunch of atoms.
Which leaves us with the bigger question. Do people have souls which are immaterial? (I believe they do) and you can't clone something that isn't contained in DNA....
If anyone has done this kind of stuff before these guys/gals have.
Visual Slick Edit for Linux. I have the 6.0 version for Linux and it works pretty good.
Or if you are 133t you can just use vim
You can run over students with tanks and force sterilize women but hey let's be EXTRA CAREFUL that the weather goes good for the games...
Way to focus on the important things in life...
--Curse you Debian users...
Yeah, what he said.....
CmdrTaco: Curse it all... Another slow news day. We must do SOMETHING to keep the traffic up.
Timothy: You aren't thinking....
chrisd: Please God no, not again.
CmdrTaco: Drastic times call for drastic measures boys... Release the Katz..
chrisd: *sobbing*
CmdrTaco: May God forgive my soul.
As a "fundamentalist" Christian I must say I do find that quite offensive. BUT I would rather you be able to say it. Cause if you have the right to say that, then I have the right to say this:
Romans 5:6-8
For when we were still without strength, in due time Christ died for the ungodly.
For scarcely for a righteous man will one die; yet perhaps for a good man someone would even dare to die.
But God demonstrates His own love toward us, in that while we were still sinners, Christ died for us.
A sys admin who loves Jesus, WHAT is the world coming to???
Jesus loves you, you stinky little troll...
Hope that helps
I know Solaris/HP-UX/Linux/*BSD and Win2K and Some Cisco. AND I happen to want a new job...
Hire me please........
Everyone else was struggling with the VPN and were having trouble getting stuff working.
I started screwing around with port forwarding and now I work from home a lot.
I am in charge of the Unix/Windows systems. TightVNC and rdesktop are my friends...
Here are a few examples for people confused by SSH port forwarding:
TightVNC
ssh -l username -C -L 7777:internal.vnc.box:5900 ssh.gateway.box
vncviewer -compresslevel 7 -quality 1 -depth 8 127.0.0.1:7777
(On Windows the VNC port starts at 5900 on Unix it is 5901 or 5902 or whatever your desktop says it was set to for vncserver...)
Rdesktop
ssh -l username -C -L 3389:nt.termserver.box:3389 ssh.gateway.box
rdesktop localhost
To forward X from a remote host
ssh -l username -C -L 8811:internal.unix.box:22 ssh.gateway.com
ssh -l username -p 8811 127.0.0.1
To punch a hole in a restrictive firewall (i.e. don't allow ssh gateways...)
From your workstation that you want to reach from the internet:
ssh -C -l root -R 22111:your.work.station:22 your.fire.wall
From your firewall: (Make sure you open the port on the firewall...)
ssh -p 22111 localhost
You can run the command every 15 min from cron or whatever on your workstation at work, or put a sleep statement in,
so you can access it from home.
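An added example, not part of the original comment: this Python code decodes the `-L` and `-R` specs in the commands above into which side opens the listening port and which side makes the onward connection, and picks out the reverse (`-R`) forwards an administrator reviewing process listings or shell history would look for. The function names are hypothetical, and it assumes options come before the hostname, as they do in the commands above.

```python
import shlex

# ssh(1) options that consume an argument; any other letter is treated as a boolean flag.
OPTS_WITH_ARG = set("BbcDEeFIiJLlmOopQRSWw")

# The four forwarding commands quoted in the comment above.
PAGE_COMMANDS = [
    "ssh -l username -C -L 7777:internal.vnc.box:5900 ssh.gateway.box",
    "ssh -l username -C -L 3389:nt.termserver.box:3389 ssh.gateway.box",
    "ssh -l username -C -L 8811:internal.unix.box:22 ssh.gateway.com",
    "ssh -C -l root -R 22111:your.work.station:22 your.fire.wall",
]

def split_spec(spec):
    """Split '[bind:]port:host:hostport' on ':' while keeping [IPv6] literals whole."""
    parts, buf, in_brackets = [], "", False
    for ch in spec:
        if ch in "[]":
            in_brackets = ch == "["
        elif ch == ":" and not in_brackets:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    return parts + [buf]

def parse_forwards(cmdline):
    """Return one dict per -L/-R forward found in an ssh command line."""
    tokens = shlex.split(cmdline)[1:]            # drop the leading 'ssh'
    specs, server, i = [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith("-"):
            server = tok                         # first non-option word is the SSH server
            break                                # anything after it is the remote command
        for pos, flag in enumerate(tok[1:], start=1):
            if flag in OPTS_WITH_ARG:
                arg = tok[pos + 1:]              # attached form: -L7777:host:5900
                if not arg and i + 1 < len(tokens):
                    i += 1                       # detached form: -L 7777:host:5900
                    arg = tokens[i]
                if flag in "LR":
                    specs.append((flag, arg))
                break
        i += 1
    forwards = []
    for flag, arg in specs:
        parts = split_spec(arg)
        parts = [""] * (4 - len(parts)) + parts  # pad a missing bind address
        if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
            continue                             # socket paths and bare '-R port' are out of scope
        bind, lport, host, hport = parts
        forwards.append({
            "kind": "local" if flag == "L" else "remote",
            "listener": "client" if flag == "L" else server,    # side that opens the port
            "listen": (bind or "loopback", int(lport)),         # loopback unless a bind is given
            "connector": server if flag == "L" else "client",   # side that dials the target
            "target": (host, int(hport)),
        })
    return forwards

def reverse_tunnels(cmdlines):
    """Defender's view: -R forwards put a listener on the far side that leads back inward."""
    return [(c, f) for c in cmdlines for f in parse_forwards(c) if f["kind"] == "remote"]

if __name__ == "__main__":
    for cmd in PAGE_COMMANDS:
        for f in parse_forwards(cmd):
            print(f"{f['kind']:6} {f['listener']}:{f['listen'][1]} -> "
                  f"{f['target'][0]}:{f['target'][1]} (dialled by {f['connector']})")
```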
CmdrTaco: egads it's a slow day....
How can we generate some activity???
Pudge: We could let "you know who" post....
timothy: *Gasp* Noooooo not him.....
CmdrTaco: Desperate times call for Desperate measures...
CmdrTaco: michael... Let out JonKatz...
CmdrTaco: I feel so... dirty....
You take their post-it notes a couple times and they start learning....
People at work hate me for enforcing hard passwords. (And other assorted security measures)
Basically I am a BOFH so I don't care.
Unfortunately the common joe/jill user has no clue when it comes to computer security.
You just have to resign yourself to the fact that people are not going to like you. (i.e. Security Nazi)
A good way to help *push* them towards secure passwords is to crack your own systems passwords.
You can use John the Ripper for Unix passwords OR l0pht crack for Windows systems.
Nothing disturbs an end user more than when you email them their old password,
(You have changed it to something hideous now...) and warn them that you can read their email.
If you use Microsoft systems then use the password "Account Policies" options to increase password length/complexity values.
If you use Unix try npasswd to enforce difficult passwords.
The most important factor is to get Management buy in. Try cracking some VP's passwords during a "standard audit".
Help them come up with a creative password. (First letters of a phrase work good. Throw in some numbers/metachars..)
Once I had Management buy in it was smooth sailing. Just hold their hand for a while.
Now it is just me doing Solaris/Linux/BSD/Windows 2000 and acting as backup Cisco guy....
I have been watching the job boards for a while and have seen TONS of postings for Unix admins with MCSE's and Cisco certs????
OR Developers who are also Oracle DBA's with SA experience.
A couple of recruiters have confirmed this and told me that the companies are asking for everything from tech workers now.
It's really silly of companies to do that. No one can be an expert at everything. Something has got to give.
When it does the company is gonna pay heavily for it.
telnet exploitable.sendmailserver.ru 25
Trying 64.28.67.150...
Connected to exploitable.sendmailserver.ru 25
Escape character is '^]'.
220 exploitable.sendmailserver.ru ESMTP Sendmail 8.6; Mon, 13 May 2002 21:59:49 GMT
helo dieiplawyersdieiplawyersdieiplawyers...250 chars...
250 exploitable.sendmailserver.ru Hello [spoofed.ip.address], pleased to meet you
mail from: ip-lawyers@ibm.com
250 2.1.0 ip-lawyers@ibm.com... Sender ok
rcpt to: idiot@panip.com
250 2.1.5 idiot@panip.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Subject: Notice of pending lawsuit
To whom it may concern,
It has come to our attention that your company
.....legalese sounding stuff......
.
250 2.0.0 g4DM4ix07327 Message accepted for delivery
Repeat with messages from amazon, us government sites, etc...
Quote: "(for the LAST TIME idiots, we don't want to take away your guns, we just want to keep them out of the hands of kids!)"
I am not quite sure what you intended by that statement but the only person looking like an idiot is you. Facts to prove this:
1.) Columbine shooters also had pipe bombs. Huh, last time I checked those are totally illegal.
2.) Columbine shooter had a "sawed off" shotgun on his dresser. Parents saw and did nothing. Huh, last time I checked "sawed off" shotguns were totally illegal. So is a child owning a gun you did not give him/her.
3.) Calling the gun lobby stupid/idiots because there are some wackos is a Hasty Generalization.
4.) Charlton Heston Quote: "When gunmakers are responsible for criminal acts and no-one is responsible for OJ Simpson's acts, something is wrong"
I am not even an NRA member or an active gun "shooter".
This bill isn't doing anything that isn't already in place for minors.
You fail to see the irony in your argument. You argue that it is NOT the video games' fault, but then argue that it IS the guns' fault. Evil happens in this world EVERYDAY. If all the guns were magically gone tomorrow people would still be killing each other.
I admit that a gun can do far more damage than a knife/club/etc... But can it do more damage than pipe bombs with shrapnel in them??? BOMBS are totally illegal but they were still present at the scene. (And are currently being spread around the US. link)
It all comes down to human responsibility. Both you and the congressmen/women miss that.