Ed Smiley's Blog

These are my links for October 20th through October 26th:

• How to sync an iPhone with two (or more) Computers :: Shiny Things – This tutorial allows you to add music/videos/podcasts from multiple machines. If you just want to sync PIM (Contacts/Calenders etc) on one machine and media on another there’s a simpler way. On the computer you want to sync contacts/calendar with select only these items and perform a sync. Now, on the second machine enable Music/Photos/Etc and perform a second sync. You will be warned the media library will be deleted, but as there’s no media this is fine.
• Sickurity.com keeps ya updated –
• OWASP NYC AppSec 2008 Conference – OWASP –

These are my links for October 17th through October 18th:

• Network Printer Hacking: Irongeek’s Presentation at Notacon 2006 –
• Security Conference – SecTor 2008 – SecTor 2008 Video and Presentations
• Off Campus : The magic re-imaging USB key – By now you should have a basic understanding of windows imaging using .WIM technologies and ImageX. In the WAIK there is an update for Server 2003 to install WDS, Windows Deployment Services. Many customers in the past have simply staged Windows images on a file share and boot to Windows 98 boot disks to apply them. If that is your existing process, WDS can be leveraged in much the same way and offers a richer and more flexible solution.

These are my links for October 10th through October 16th:

• SANS Institute – Skype: A Practical Security Analysis – Interesting read that goes over points like network utilization and behavior.
• Slashdot | Every Email In UK To Be Monitored – "The Communications Data Bill (2008) will lead to the creation of a single, centralized database containing records of all e-mails sent, websites visited and mobile phones used by UK citizens. In a carnivore-on-steroids programme, as all vestiges of communication privacy are stripped away, The BBC reports that Home Secretary Jacqui Smith says this is a 'necessity.'"
• The trouble with ‘deep packet inspection’ – The Red Tape Chronicles – MSNBC.com – Deep down, most Net users realize that everything they do online can be watched and tracked. Most, however, forget this on a day-to-day basis. That's why a new technology called deep packet inspection is potentially very disturbing.
• Midnight Research Labs – Depant your network – MRL has a new tool we’re releasing that will check your network for services with default passwords. The tool is called depant ((DE)fault (PA)ssword (N)etwork (T)ool).
• Blackhillsinfosec Videos – Videos of Samaurai WTF, Evilgrade, IDS and Packets, Basic Netcat usage and more!

These are my links for September 29th through October 9th:

• dmiessler.com | writing | infoseccerts – Many people are confused by the massive number of information security certifications available today. Some people already have one or more and are looking to expand, while others are just getting started with certification and need a place to start. This guide aims to help with both scenarios.
• Deploy XP Images in the Computer Lab with Windows Deployment Services on Server 2003. –
• MobaLiveCD – Run your LiveCD on Windows – MobaLiveCD is a freeware that will run your Linux LiveCD on Windows thanks to the excellent emulator called "Qemu".
  MobaLiveCD allows you to test your LiveCD with a single click : after downloading the ISO image file of your favorite LiveCD, you just have to start it in MobaLiveCD and here you are, without the need to burn a CD-Rom or to reboot your computer.

Into the Breach Picture

�

I received a preview copy of Michael Santarcangelo (AKA Catalyst) book, Into the Breach, a few weeks ago and finally made my way around to read it on my recent trip to Texas. My reaction to the book, WOW! No other book that I have read in the past few years (even my chemistry ones) have sparked so many thoughts of how I can use the information I was reading in my everyday work.

In the Introduction and even on the back of the book there is a quote that hits home:

People have been unintentionally and systematically disconnected from the consequences of their actions for so long, they are no longer held accountable or take responsibility

This quote seems to be one of the things I deal with all the time. People either have too many other things to do or are “too important” to deal with the consequences of their actions.  Even more so, these same people are hardly every held accountable or take responsibility when something does happen.  Michael explains how to change thinking from just throwing technology at the problem to engaging people and involving them in the process of securing the data with a Strategy to Protect Information.

A phrase is mentioned throughout the book and even has its own chapter is “People just want to do their jobs“.  He uses a spot on example of a confusing password policy and how users react to “pain” caused by it.  In this case, the pain is how these items (like confusing password policies) hinder the users from doing their jobs.  As a natural response to the pain, users will find a way to deal it, such as writing down their complex password on a post-it and sticking it on their monitor.  Later in the book he explains an approach that supports people and engages them in the process of protecting information.  I sometimes think that we (as IT professionals) get hung up in the policy and forget about the person actually doing their jobs.  I have heard many times at my job, this is policy, that is policy.  However, nothing is done to help the users comply with the policy and still get their jobs done in an easy and manageable manner.

This is just a small sample of what is in this book.  I think that this book is a must read by anyone dealing with information, from the highest tier professional (CIO/CISO) to the part-time helpdesk technician.  Into the Breach takes an unique and interesting approach showing how everyone can be involved in protecting his or her business.

A while back I read about the native Podcaster app that was expected to be released to the App Store. However it never showed up. I dug a little further and found out that Podcaster was one of the many apps not getting past the Apple app check. Rather unfortunate since the reason for this is that it was denied because “it duplicates the functionality of the Podcast section of iTunes“. However, I have found the only thing it does that Itunes does is download Podcasts. Podcaster is so much more and is now available via Cydia on jailbroken iPhones for $5 (half the original price).

I have been looking for an app that had the ability to download podcasts to my phone on the go. I sync my iPhone with my peronal laptop. When I am away from this computer and want to download an interesting podcast that, say comes up on Twitter, I have to sync my phone with that laptop. Very inconvenient to say the least. Along comes Podcaster to save the day.

With Podcaster, you can stream or download any podcast. Podcasts can easily set up to download via the built in search or by importing your opml, feed url, or Podcaster.fm account.

A nice thing with Podcaster is that you can open up the podcast within the application, or safari so you can do other things with your phone while you are listening. Also, Podcaster works great with Backgrounder which allows you to run apps in the background.

The program is quite stable and has only crashed once in about the week I have been using it. This is as opposed to the WordPress app, which has crashed twice while writing this post. Also, the developer seems to be very active in development and has fixed many bugs quickly.

The only two additions I would like to see would be the ability to play downloaded podcasts in safari ( can only stream) and a better download status as it is often blocked with long titled podcasts.

Now that Apple had taken away the developers way to approve ‘official’ installs, cydia and a jailbroken phone is the only way to get this app. So, if you meet this criteria, I highly recommend that you give Podcaster a try. You can try before you buy with a 14 day trial and watch a preview video on the developers site.

Be sure to keep an eye on the podcaster Twitter feed as he has given away numerous free activation codes and promises more.

UPDATE: The Developer added these comments:

Playing in safari from disk is not allowed by the sdk because Safari cannot read files from disk
I will put an option to play from disk for those that have a jailbroken iphone. There is an app (safari plugin) that allows for just this.

There is a new application out on Cydia that lets you run Iphone applications in the background. �It is called�Backgrounder�and it works pretty nice. �I have been testing it with AIM and sometimes multiples of the same message are delivered. �I can live with that! �Hopefully this project will continue to develop and work out any bugs that pop up. Check it out!�

Thanks to @iphonepodcaster for the tip