Paul Mooney

Historical EXPLOITS and Countermeasures

From 1939 to 1945 the U-Boats of the Third Reich menaced the North Atlantic by stealth and firepower. The US Merchant Marine were repeatedly attacked with thousands of lives lost and the British Navy helplessly watched ship after ship sent to the bottom of the ocean. By early 1943 the US Navy arrived with the ultimate countermeasure, the B-24 Liberator equipped with the latest technology, sonar (acronym for SOund, NAvigation and Ranging) and depth charges. The U-Boats were decimated and the tide of war changed.

This is Memorial Day in the USA, my Father enlisted in the US Navy on December 8, 1942 along with the rest of his football team at James Monroe High School in the Bronx. Over one hundred thousand young men from New York City died in WWII.

My Father first went to Radio School in Memphis then he and his crew flew a B-24 to Brazil, over to Morocco then to Devon in Cornwall. The 479th Anti Submarine Group out of Dunkeswell airfield played a decisive role in ending the exploits of the U-Boats. My Father never talked much about the war; because many friends of his never came home. One day about ten years ago there was a story in the New York Times, turns out that one third of the US stockpile of uranium in 1945 came from the Third Reich. As my Father was reading the story he began to shake and repeat “that’s our boat, that’s our boat”. That uranium was recovered from U234, my Father's B-24 was credited with the first ever surrender of a U-Boat in May 1945. He radioed a Destroyer the location of the U-Boat, it took fifty years to discover its amazing cargo

EXPLOITS and Countermeasures

I went to Hacker School this past week, sponsored by our good friends at Microsoft. Yes Microsoft hired a Network Security Specialist to teach me to exploit their software, cool!

Virus infections, Trojans, scripting attacks, denial of service,TCP eavesdropping, man-in-the-middle attacks, it was more fun then Summer Camp! We learned attack Phases and phrases, footprinting and footprinting tools. Scanning and System Penetration, Privilege Escalation and Evidence Elimination., DNS Lookup Tools, Ping Sweeps and Traceroute.

Password Cracking, once you see L0PHTCRACK in action you will change ALL your passwords! If you are running Windows 2000 or XP there is a very good chance you have a huge open BACKDOOR, check to see if your admin account has a very, very good password. Can someone HTTPTUNNEL through your firewall? ? ? ? The only countermeasure is to harden your network and the time to act is now.

Common Engineering Roadmap

"Microsoft has the best software engineering teams in the world; so, we believe we can build the best-engineered software products in the world. Well-engineered products consistently meet customer requirements, and our customers are demanding a consistently high level of reliability, security, lower total cost of ownership, and predictability from our products. The only way to make this happen is to have a specific set of criteria that each product must meet. Meeting this set of customer requirements is the core objective of Windows Server System."

Paul Flessner, senior vice president for Windows Server System, states the obvious. A goal all of us dream of, Systems that run in Harmony. We're not there yet, but with a goal in mind and a roadmap of how we are getting there, we're on our way!

Roadmap.doc

ASP.Net Scalability

Take a Leap in the Quest for ASP.NET Scalability
Understand the architectural and design decisions affecting scalability of ASP.NET apps. See how to use Enterprise Services and MSMQ to mitigate scalability problems.

Tech•Ed 2004 has given us more information for System Architecture, understanding the big picture as we assemble our code.

Architecture Workspaces

Tech•Ed 2004 Conference Highlights are rippling across the planet! Whenever you get 6000 technologist together things are going to happen. There is a feast of links, transcripts and announcements, enough to keep us excited for months. I just stumbled upon a fantastic resource for System Architects and aspiring System Architects courtesy of the premier developer community portal GOTDOTNET:

Workspaces
Workspaces provide a dynamic online environment, enabling collaboration on software projects without the barriers created by geographical or network boundaries. As a free service, Workspaces includes a number of team-focused development tools.

WSE

May 24, 2004 9:00 a.m. PDT New Development Tools for Web Services Help to Facilitate Secure, Integrated Systems Web Services Enhancements 2.0 and Information Bridge Framework Help Developers Keep Pace with Industry Advancements and Create Value-Added Applications for Customers.

Security Initiative

For the past three months I have attended and precipitated in three Security Conferences and three Security Workshops. This week it’s: Secure Architecture for Network and Data Infrastructure Accelerated Bootcamp and it is extremely well thought out and informative. There are eighty people in our workshop and it’s just three miles from my house.

Microsoft has been the host and benefactor of most of these offerings, for that I am grateful and much more Secure. It’s over a year since I got an email from Bill Gates (sorry it’s taken me this long to get back to you Bill, but I’ve been busy) where he pledged to make Security a priority for his software company. They have, and anyone who has been paying attention will have benefited from their efforts. From Windows Update to WindowsXP SP2 for the home user and SMS Server for the Corporate Networks and books, white papers, webcasts, seminars, DVD’s, and an ever growing community of blogs.

Now the onus is on us to write secure code and build secure networks, we have the tools and the best practices to accomplish what many have said can never be done.

Ink Ignites

The Tablet PC tour came to town last week and we were treated to a great talk from Roman Snytsar a Development Engineer on the Tablet PC Team. His enthusiasm for the ink generating properties in Tablet PC development was like that of a teenager showing off his latest video game! The only disappointment was that there were only six attendees in a city of eight million. When will they learn that the User Groups are in place all around the world waiting for opportunities like this to learn more about the latest technology?

We had a memorable meeting of the NYCDOTNET User Group the following night, I asked Roman if he could attend, but he had to fly back to Redmond. I arrived late because I was attending a Samsung Partner party two blocks away. Brad McCabe was giving his talk on Thinking in Ink as I went to the back of the room to grab a slice of pizza. A few friends came back to ask about the Samsung giveaways (we love giveaways) but before I could finish the slice of pizza an alarm went off. Our fearless leader Steven Forte went out to see what was the matter, he quickly returned to tell us it was “NOTHING”, so Brad continued his talk and I worked away at that pizza. Then a Microsoft employee stuck his head in the room and we clearly heard the words “fire” and “evacuate”, so the first thing everyone did was to come to the back of the room to rescue the pizza, then we headed out. There was some confusion as to which stairway we should use, but fifty sharp software developers found the <EXIT/> We could smell smoke in the stairwell and it got stronger as we descended the six flights. The fire trucks were there and New York’s Bravest were running in as we were going out. We had a good time on the sidewalk talking and taking photos, after about twenty minutes I asked Bill Zack and Andrew Brust if we were going back in, but just then two firemen passed carrying a stretcher….

A few of us headed down Seventh Avenue as more fire trucks arrived, then two blocks down NYPD was closing the Avenue, crime scene tape was going up around the entire block and we soon learned that a man had just been shot!

Think Ink

REGISTER NOW!

 

I'm be at the NYC Event. If you want more Ink Brad McCabe of Infragistics will be giving a talk; Developing Ink Enabled Applications with the TabletPC to the NYCDOTNETDEV User Group on Thursday May 20. Hope to see you there...

posted Tuesday, May 18, 2004 2:51 AM by paul with 0 Comments

Security Careers

Security has been very good to Christopher Painter, ever since his takedown of Kevin Mitnick his career and influence has replicated around the world. I met Christopher last week at eweeks Security Summit in NYC; he’s living the high life hyping fear about Security having just returned from speaking in Australia. I went to the URL of “his” website, but from what I saw this is a political hack job and that’s scary.

Richard Clark spoke about the bad Security policies of our government; ”All of you should pressure the government to do something about security. If the government was doing its job, things would be better." Richard was the Presidents Special Advisor for Cyber Security, he doesn’t work for the President anymore, but no one else has been appointed to the post of Cyber Security Advisor and that’s scary.

posted Monday, May 17, 2004 6:37 AM by paul with 0 Comments

System Architects

Those who can do, those who cannot become CIO’s. Technology evolves so business must also evolve with a management level System Architect to plan, design and implement IT. In today’s fast paced “do more with less” marketplace CEO’s need to understand computing systems, so why do they need a CIO to “intrepid” IT for them? At the eweek Security Summit in NYC this past week I listened to a CIO say her job was all about people, processes then Tech. Her area of focus was “Operational Risk Management” and admitted that she knew nothing about technology, well there’s your risk! Another CIO was advocating hiring a second suite for “IT Security” and this person would never configure a server or desktop. A System Architect is the person with the skills and experience to design and implement a secure network. In an Object-Oriented data structure Architecture is everything. System Administrators run networks, developers write code, and System Architects get it all to work.

posted Saturday, May 15, 2004 2:33 PM by paul with 1 Comments

Your software sucks!

I had the honor and privilege of meeting Richard Clark this week at eweeks Security Summit in New York City. Richard has become famous for issuing warnings and now he’s calling for buggy software to be fixed, “your software sucks”. I don’t ever recall hearing the word “sucks” from a man of his generation and status, but he did get everybody’s attention. Had he been as forceful on August 9, 2001 we may have averted a tragedy. Now he is calling for regulations and focus groups to go after the software industry. Teenage hackers are not the big problem today; it’s the hackers we don’t know about. Are they getting inside our nations power companies? Are we on the verge of yet another tragedy?

posted Friday, May 14, 2004 4:35 PM by paul with 2 Comments

HALO2

HALO2  the most anticipated game sequel of all time will arrive on 11/9/04 !

Halo™ 2 is the sequel to the highly successful and critically acclaimed Halo: Combat Evolved. In Halo 2, the saga continues as Master Chief—a genetically enhanced super-soldier—is the only thing standing between the relentless Covenant and the destruction of all humankind.

This is great news for those of us on XBOX Live! The ultimate gamer network will be celebrating its second year with what we hope will be a game to set the World on FIRE!                                       

                                                                                                     

posted