May 07
K-I-S-S-I-N-G! Great news for both teams, Revision3 and Viddler have decided to team up — errr, Rev3 has decided to host all of their videos on Viddler’s system. See a tidbit from Colin’s latest post on the Viddler blog:
Each and every day more of your favorite videos, from vlogs to viral, are showing up here on Viddler. Today is no exception. Now more than ever, thanks to Revision3 and all of its shows joining Viddler, you can watch your favorite Web video shows in your favorite Web video player!
Please join me in welcoming DiggNation, The Digg Reel, Infected, The Revision3 Gazette, Tekzilla, my friend Om Malik’s GigaOm Show, PixelPerfect, iFanboy, SYSTM, Scam School, XLR8R, Web Drifter, and the Totally Rad Show to the Viddler community.
Not only is this great for Viddler (as any publicity is good publicity and this is surely great) but this also means a great new feature is rolled out (at least I think it’s new), Digg right in the Viddler videos. (Forgive me if it’s not but if it’s new to me, it’s new because it’s my blog and I said so.)

They’ve made it simple and easy to do. Just make sure you’ve submitted the link to Digg and then simply add a tag to your video that says “digg:URL-that-was-submitted-to-viddler” and you’re all set. Remember, make sure you have already posted it or you get something like this:

So go ahead, behold the beautiful new child that is Vidiggler and bask in its glory — or at least give it a whirl on your own videos.
What do you think of Viddler and Rev3 joining forces? Or better yet, what are your thoughts on Web2.0 companies joining forces in general?
Apr 21
I came across a very interesting read at Marcus Ranum’s blog about the 6 dumbest ideas in computer security. His number 1 idea was by far one of my biggest pet peeves:
#1) Default Permit
The most recognizable form in which the “Default Permit” dumb idea manifests itself is in firewall rules. Back in the very early days of computer security, network managers would set up an internet connection and decide to secure it by turning off incoming telnet, incoming rlogin, and incoming FTP. Everything else was allowed through, hence the name “Default Permit.” This put the security practitioner in an endless arms-race with the hackers. Suppose a new vulnerability is found in a service that is not blocked - now the administrators need to decide whether to deny it or not, hopefully, before they got hacked. A lot of organizations adopted “Default Permit” in the early 1990’s and convinced themselves it was OK because “hackers will never bother to come after us.” The 1990’s, with the advent of worms, should have killed off “Default Permit” forever but it didn’t. In fact, most networks today are still built around the notion of an open core with no segmentation. That’s “Default Permit.”
This could not be truer. I find that every time I go into a meeting to discuss, set up, introduce or roll out the newest and greatest product, this comes into play. Most people want to roll it out without thinking about what it actually does. Take for example a new firewall system. The new product could be brought in, set up and configured exactly like the old one, and everything will probably continue to function. But in the end, why bother spending $20,000 on the new box if you aren’t going to look at what you’re using it for?
Please keep this in mind while setting up your new software program, coding your new web application or simply plugging in the greatest computer you have ever owned. Keep it closed — open only what you need.
Apr 11
While perusing the Internet the other day I happened across an article outlining Microsoft’s dive into the mapping world and their attempt at beating out Google on simple, fast and efficient online maps. I laughed. I haven’t seen a product from MS come out in a long time that beats the awesomeness that is Google. But I may have been mistaken. Take a look at the two different images below and after the jump I’ll tell you my thoughts.

Microsoft Live Maps

Google Maps
Mar 26
I recently found while working on a Barracuda spam appliance that the person who set it up made a tiny mistake. Now I’d be one to admit if it were me but I’m pretty sure it wasn’t this time. They had all the steps right up until the second to last one. Let me set the stage…
- Three spam filters from Barracuda Networks spread out across the globe.
- All three have a similar configuration on them. (Check for spam on the inbound and act as the primary, secondary and tertiary outbound relays for internal mail heading out to the wide, wide world we call the Internet.)
- Set up the allowed relay IP addresses (internal mail servers, certain paging systems, even a multi-function printer or two).
- Add the company’s domain name to the list of allowed relayers…
- Turn on the appliances and set up the MX records outside so we have a “fail-safe”, redundant, spectacular, awesome email spam fighting system!
Now, if you haven’t seen it yet, check step number 4 again. See, in step 3 we set up the system so that specific servers were able to relay out through the device. These IPs were entered either as individual hosts or as small subnets of systems that had rights to send email to the outside world. But in step 4 we then said that any email coming “from” the company’s domain (we’ll call it xyz.com) was allowed to relay as well. That’s an issue because it’s fairly simple to figure out what the company’s domain name is and then use it to start sending spam out from anywhere in the world. Let’s look at an example session connecting to a Barracuda spam appliance via SMTP. (Note: the lines starting with HELO, MAIL FROM, RCPT TO and DATA, the message body and the lone “.” are the commands I typed; the lines starting with a three-digit code are the appliance’s replies.)
220 spam1-svr.xyz.com ESMTP (d2f98b7a83b562327asdcjb25227d4f7)
HELO xyz.com
250 spam1-svr.xyz.com Hello laptop-lt [malicious.ip.from.outside], pleased to meet you
MAIL FROM:someone@xyz.com
250 Ok
RCPT TO:anotherperson@zyx.com
250 Ok
DATA
354 Start mail input; end with .
This is an email
.
250 Ok: queued as AAEDC3SKB1CE
The problem with allowing xyz.com to relay is that it takes precedence over the IP list that was set up in step 3. This means that from the very first line of the session (the spam1-svr.xyz.com banner), a spammer knows what the local domain is. Now all they need to do is start making up email addresses that may or may not exist in your domain and they too can use you as an open relay.
If you’re on a Barracuda box, the screen is located at Advanced->Outbound/Relay and looks like this:

Please, make sure that you’re not using the Senders With Relay Permission or Trusted Relay Host/Domain sections of the relaying tab. Take the time to enter the IPs of the systems that need relaying and if you can, use LDAP lookups to verify that the sending email address is actually someone who exists. You’ll thank me later — when you’re not blacklisted in 10 different systems and your users’ email can’t get through.
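To make the difference between the two relay policies concrete, here is a small simulation (added for this post, not Barracuda code or any real appliance logic): the relay decision is modelled as an IP allowlist (step 3) with an optional “trust our own sender domain” switch (step 4), and a few constructed envelopes, including an outsider claiming a MAIL FROM at xyz.com, are run through both settings. The networks, addresses and domains are made up for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for this example; they are not from any real deployment.
LOCAL_DOMAINS = {"xyz.com"}
ALLOWED_RELAY_NETS = [ipaddress.ip_network(n) for n in ("10.1.2.0/24", "10.9.9.10/32")]


@dataclass(frozen=True)
class Envelope:
    client_ip: str   # address the SMTP client connected from
    mail_from: str   # MAIL FROM value, which the client can set to anything
    rcpt_to: str


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def relay_allowed(env: Envelope, trust_sender_domain: bool) -> bool:
    """Decide whether the appliance accepts RCPT TO for this envelope.

    trust_sender_domain=True models the 'allow our own domain to relay' setting
    from step 4; False models relaying by IP allowlist only (step 3).
    """
    if _domain(env.rcpt_to) in LOCAL_DOMAINS:
        return True  # inbound delivery to our own users is not relaying
    if any(ipaddress.ip_address(env.client_ip) in net for net in ALLOWED_RELAY_NETS):
        return True  # known internal mail servers and devices
    if trust_sender_domain and _domain(env.mail_from) in LOCAL_DOMAINS:
        return True  # anyone who merely *claims* to be @xyz.com gets through
    return False


def spoofed_relays(envelopes, trust_sender_domain: bool):
    """Envelopes relayed to foreign domains from outside the allowed networks."""
    return [
        e for e in envelopes
        if relay_allowed(e, trust_sender_domain)
        and _domain(e.rcpt_to) not in LOCAL_DOMAINS
        and not any(ipaddress.ip_address(e.client_ip) in n for n in ALLOWED_RELAY_NETS)
    ]


SAMPLE = [
    Envelope("10.1.2.5", "someone@xyz.com", "partner@zyx.com"),            # internal server
    Envelope("203.0.113.7", "someone@xyz.com", "anotherperson@zyx.com"),   # outsider claiming xyz.com
    Envelope("203.0.113.7", "bob@example.net", "anotherperson@zyx.com"),   # outsider, foreign sender
    Envelope("198.51.100.4", "bob@example.net", "user@xyz.com"),           # ordinary inbound mail
]

if __name__ == "__main__":
    for trust in (True, False):
        bad = spoofed_relays(SAMPLE, trust)
        print(f"trust_sender_domain={trust}: {len(bad)} spoofed relay(s)", [e.client_ip for e in bad])
```

With the domain switch on, the outsider’s spoofed envelope is relayed; with IP-only relaying it is refused while internal servers and inbound mail are unaffected.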
Mar 07
So as most people know I am a big fan of Google in most ways. I use their email (for multiple domains and a Gmail account), I’ve been known to use Google Docs, maps are one of their best features — and who could forget good ol’ Google.com? I have to say that their sites tool is a little on the junky side but all-in-all, their services are great. I recently came across one that I had not seen or used before and now I’m in love. The kind of love that cannot be split up by browser upgrades, computer changes or long-distance travel, and it’s called Google Browser Sync (for Firefox only).
I’ve used different browser sync tools in the past but this one just blows the others away with its simplistic design, cross-platform capabilities and an online storage system that I have come to love very much. After a quick install (just like any other Firefox plugin) the browser plugin prompts you for your Google account info (no Google Apps for your domain accounts that I know of) and then has you choose a unique PIN. The PIN is to make sure that someone doesn’t just add the toolbar on a computer where you’ve saved your password. I’m also not sure if the PIN allows you to have multiple Google Browser Sync subsections (i.e. sync computers A and B and then sync computers C and D). Once this process is done, you’re off to the races. Not only does it sync your bookmarks but it also does browsing history, saved passwords and even keeps track of your open tabs. This means that if you close Firefox on your work computer, go home and open it up, it’ll prompt you to see if you want to reopen those tabs! How great is that? In addition, there is no user intervention required. When you close down Firefox, a small window pops up for a second that shows you that it’s syncing your browser to Google. That’s it.

I know that many of the security gurus out there will yell at me and say, “hey, what about what they do with that information?!?!?!?” Well I’ll tell you what — if you can show me a simpler, cleaner and faster way of syncing browsers online without using a service like Google (who already knows who I talk to (email), what I’m interested in (search) and where I like to eat brunch (maps)) then I’d be happy to hear it and take a look. For now, I trust Google with my info. They haven’t steered me wrong yet and I’m hoping that they never do.
Please, let me know what you think of the browser wars, syncing your info, sending email or anything else under the sun.