May 14, 2007

Processing Whois Output Automatically With Perl

I found myself in the situation where I had to whois a large number of IP addresses and play with the output in Excel.

Thanks to Ben Schmitz's Net::Whois::IP Perl extension for looking up the whois information for IP addresses, and some Google searching to locate a decent usage example (found in the whois.snortalog file in Jérémy Chartier's SnortAlog), I could put together the following lame script:

#!/usr/bin/perl
# whois.snortalog (from SnortAlog) provides whois(); this script hands it the
# address through the global $k and reads back the globals $inetnum and $netname.
require "whois.snortalog";
use Net::Whois::IP;
die "usage: $0 <ip-address>\n" unless @ARGV == 1;
$k = $ARGV[0];
whois();
# One tab-separated line: IP address, NetRange, NetName.
print $ARGV[0] . "\t" . $inetnum . "\t" . $netname . "\n";

It expects an IP address as its argument and prints it, followed by its NetRange and NetName, separated by tabs.

Please post a comment if you improve it (e.g., adding error handling, etc.).
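As an added example (not the post's script, and not code from SnortAlog or from the Net::Whois::IP distribution), here is a batch version that calls Net::Whois::IP's whoisip_query directly, copes with registries that label the same fields differently, rejects input that is not an IPv4 address before it becomes a query, and records lookup failures in an error column instead of aborting the run. The sample responses embedded at the bottom are constructed from documentation addresses, not real registry data, and the key names NetRange/NetName and inetnum/netname are assumed from the usual ARIN and RIPE/APNIC output.

```perl
#!/usr/bin/perl
# Added example, not the original post's script: batch whois lookups to TSV.
use strict;
use warnings;
use Net::Whois::IP qw(whoisip_query);

# Registries label the same fields differently: ARIN-style output uses
# NetRange/NetName, RIPE/APNIC-style output uses inetnum/netname (assumed
# key names). Take whichever is present and squash whitespace so that the
# free-text values cannot break the tab-separated layout.
sub extract_fields {
    my ($response) = @_;
    return ('', '') unless ref $response eq 'HASH';
    my $range = $response->{NetRange} || $response->{inetnum} || '';
    my $name  = $response->{NetName}  || $response->{netname} || '';
    s/\s+/ /g for ($range, $name);
    return ($range, $name);
}

# Reject anything that is not a dotted-quad IPv4 address before it reaches
# the whois client, so a stray spreadsheet column does not become a query.
sub is_ipv4 {
    my ($s) = @_;
    return 0 unless $s =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return (grep { $_ > 255 } ($1, $2, $3, $4)) ? 0 : 1;
}

# One TSV line per address: ip, netrange, netname, error. A failed lookup
# fills the error column instead of aborting the whole batch.
sub lookup_line {
    my ($ip) = @_;
    return join("\t", $ip, '', '', 'ERROR: not an IPv4 address') . "\n"
        unless is_ipv4($ip);
    my $response = eval { whoisip_query($ip) };
    if ($@ or !defined $response) {
        (my $err = $@ || 'no response') =~ s/\s+/ /g;
        return join("\t", $ip, '', '', "ERROR: $err") . "\n";
    }
    return join("\t", $ip, extract_fields($response), '') . "\n";
}

# Constructed sample responses (documentation addresses, not real registry
# data) so the field mapping can be exercised without network access.
my %sample = (
    '192.0.2.1'    => { NetRange => '192.0.2.0 - 192.0.2.255',
                        NetName  => 'TEST-NET-1' },
    '198.51.100.7' => { inetnum  => "198.51.100.0 - 198.51.100.255\n",
                        netname  => 'TEST-NET-2' },
);

print join("\t", qw(ip netrange netname error)), "\n";
if (@ARGV) {
    # Live lookups: one address per argument, e.g. read from a file of IPs.
    print lookup_line($_) for @ARGV;
} else {
    # Offline demonstration of the extraction on the constructed samples.
    print join("\t", $_, extract_fields($sample{$_}), ''), "\n"
        for sort keys %sample;
}
```

Run it as perl whois2tsv.pl $(cat ips.txt) > lookups.tsv and open the result in Excel; with no arguments it only prints the constructed samples. Two practical caveats: registries throttle bulk whois queries, so a large list may need pacing, and the NetName and range are whatever the netblock holder registered, so treat them as a lead for further work rather than as attribution.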

November 11, 2006

Windows Vista Security Guide

Last Wednesday, Microsoft published the Windows Vista Security Guide, which provides recommendations for hardening computers using specific security baselines for the following two environments:

  1. Enterprise Client (EC)--client computers in this environment are located in a domain that uses Active Directory and only need to communicate with systems running Windows Server 2003--implementation of this security baseline is described in Chapter 1;
  2. Specialized Security--Limited Functionality (SSLF)--concern for security in this environment is so great that a significant loss of functionality and manageability is acceptable--implementation of this security baseline is described in Chapter 5.
Also, three additional chapters provide recommendations to take advantage of new or enhanced security features:
  • Defend Against Malware--Chapter 2 includes information about how to most effectively use User Account Control (UAC), Windows Defender, Windows Firewall, Windows Security Center, Malicious Software Removal Tool, Software Restriction Policies, and Internet Explorer 7 security features (e.g., Protected Mode, ActiveX Opt-in, Cross-domain scripting attack protection, Security Status Bar, Phishing Filter, etc.);
  • Protect Sensitive Data--Chapter 3 focuses on encryption and access control technologies that help protect mobile computing environments from potential loss and theft: BitLocker Drive Encryption, Encrypting File System (EFS), Rights Management Services (RMS) and Device control;
  • Application Compatibility--Chapter 4 provides guidelines to preserve functionality of existing applications when using the new and enhanced security features of Windows Vista.
The complete guide can be downloaded along with the GPOAccelerator tool, which automatically creates all the Group Policy objects (GPOs) needed to apply this security guidance.

September 6, 2006

NIST on Several Things

At the end of last week, NIST published four draft Special Publications on e-mail security, intrusion detection and prevention, web services security, and cell phone forensics.

June 6, 2006

Errors in spreadsheets are pandemic

Just as Google releases Spreadsheets (a total non-event for serious Excel users), an interesting discussion has surfaced on Slashdot. The article links to an interesting paper by Raymond R. Panko at the University of Hawai'i about what is known about spreadsheet errors. Its conclusion says:

"All in all, the research done to date in spreadsheet development presents a very disturbing picture.  Every study that has attempted to measure errors, without exception, has found them at rates that would be unacceptable in any organization.  These error rates, furthermore, are completely consistent with error rates found in other human activities.  With such high cell error rates, most large spreadsheets will have multiple errors, and even relatively small "scratch pad" spreadsheets will have a significant probability of error."

Also, the article links to the European Spreadsheet Risks Interest Group (EuSpRIG) and its collection of public reports of spreadsheet errors.

May 26, 2006

Implementing least privilege in Windows applications

As pointed out by the ISC's Handler's Diary, and further to the ZDNet article reporting that Microsoft considers taking admin rights from employees (link posted last Wednesday), Microsoft published Standard User Analyzer, a tool that "helps developers and IT professionals diagnose issues that would prevent a program from running properly without administrator privileges.  On Windows Vista, even administrators run most programs with standard user privileges by default, so it is important to ensure that your application does not have administrator access as a dependency.

Using the Standard User Analyzer to test your application can identify the following administrator dependencies and return the results in a graphical interface:

  • File access
  • Registry access
  • INI files
  • Token issues
  • Security privileges
  • Name space issues
  • Other issues"
Standard User Analyzer runs on Windows XP, Windows Vista and Windows Server 2003, and requires Microsoft Application Verifier, which "helps developers identify potential application compatibility, stability, and security issues."

May 17, 2006

Deep packet-inspection technology used by NSA

Wired published an interesting article on Narus' deep packet-inspection technology said to be the basis of the NSA's internet surveillance:

"Narus' product, the Semantic Traffic Analyzer, is a software application that runs on standard IBM or Dell servers using the Linux operating system. It's renowned within certain circles for its ability to inspect traffic in real time on high-bandwidth pipes, identifying packets of interest as they race by at up to 10 gigabits per second.

Internet companies can install the analyzers at every entrance and exit point of their networks, at their "cores" or centers, or both. The analyzers communicate with centralized "logic servers" running specialized applications. The combination can keep track of, analyze and record nearly every form of internet communication, whether e-mail, instant message, video streams or VOIP phone calls that cross the network.

Brasil Telecom and several other Brazilian phone companies are using Narus products to charge each other for VOIP calls they send over one another's IP networks. Internet companies in China and the Middle East use them to block VOIP calls altogether."

Google releases AJAX framework

Yesterday, Google released its Web Toolkit (GWT):

"(...) a Java software development framework that makes writing AJAX applications easy.  With GWT, you can develop and debug AJAX applications in the Java language using the Java development tools of your choice.  When you deploy your application to production, the GWT compiler translates your Java application to browser-compliant JavaScript and HTML. (...)

Google Web Toolkit ships with a Java-to-JavaScript compiler and a special web browser that helps you debug your GWT applications. For details on how they work, check out the GWT product overview."

Update: running examples are available here (with source code).

Update 2006/6/6: an assortment of interesting links is available on the GWT blog.