Wednesday, December 17, 2008

xss filtering

http://directwebremoting.org/blog/joe/2008/12/04/xss_filtering.html

blackberry security

http://www.networkworld.com/news/2008/121708-5-ways-to-secure-your.html?page=1

gifar

http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/

Tuesday, December 16, 2008

Afterglow and TShark

Fun with tshark (wireshark) command line


Submitted by daryl on Mon, 11/24/2008 - 23:33



* sniffer


* tshark


* visualization


* wireshark



Get csv output of source and destination IP addresses from a pcap (wireshark or tcpdump) capture file.



tshark -r file.pcap -T fields -E separator=, -e ip.src -e ip.dst



Creates a file similar to:




192.168.1.105,192.168.1.120
192.168.1.105,192.168.1.120
192.168.1.120,192.168.1.105
192.168.1.120,192.168.1.105
72.14.247.83,192.168.1.105
192.168.1.105,72.14.247.83
72.14.247.19,192.168.1.105
192.168.1.105,72.14.247.19
192.168.1.105,74.53.76.3
74.53.76.3,192.168.1.105
192.168.1.105,72.14.247.83
72.14.247.83,192.168.1.105



Then if you have afterglow installed you can create a visualization of the source and destination information by doing the following:



(from the $HOME/afterglow/src/perl/graph directory)



tshark -r file.pcap -T fields -E separator=, -e ip.src -e ip.dst | perl afterglow.pl -c color.properties > file.dot



This creates a DOT file describing the data as a directed graph that neato can draw.



Now using neato create a gif file to display a visualization of the data.




neato -Tgif -o test.gif ./file.dot
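
As an added example (not part of the original post), the filter below builds the DOT graph directly from the tshark CSV, weights each edge by packet count, and drops the malformed rows that the two-column format can contain. The function names `sample_rows` and `pairs_to_dot` are hypothetical, and the last two sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): build a weighted DOT graph
# from tshark's "ip.src,ip.dst" CSV. Function names are hypothetical.

# sample_rows: the first six rows come from the sample output above;
# the last two are constructed to show rows tshark can also emit.
sample_rows() {
    cat <<'EOF'
192.168.1.105,192.168.1.120
192.168.1.105,192.168.1.120
192.168.1.120,192.168.1.105
192.168.1.120,192.168.1.105
72.14.247.83,192.168.1.105
192.168.1.105,72.14.247.83
,
74.53.76.3,192.168.1.105,192.168.1.105,74.53.76.3
EOF
}

# pairs_to_dot: CSV on stdin, DOT digraph on stdout, skip count on stderr.
# Only rows with exactly two non-empty fields become edges. Dropped rows:
#   ","        frame without an IP layer (ARP, for instance)
#   "a,b,c,d"  frame carrying a second IP header (an ICMP error quoting the
#              original packet); tshark joins repeated values of one field
#              with "," by default, which collides with separator=,
pairs_to_dot() {
    echo 'digraph talkers {'
    awk -F, '
        NF == 2 && $1 != "" && $2 != "" { count[$1 "," $2]++; next }
        { skipped++ }
        END {
            # One edge per distinct src,dst pair, labelled with its packet count.
            for (pair in count) {
                split(pair, ip, ",")
                printf "  \"%s\" -> \"%s\" [label=\"%d\"];\n", ip[1], ip[2], count[pair]
            }
            printf("skipped %d row(s)\n", skipped + 0) > "/dev/stderr"
        }' | sort
    echo '}'
}

# With a real capture the input would come from the command in the post:
#   tshark -r file.pcap -T fields -E separator=, -e ip.src -e ip.dst | pairs_to_dot > file.dot
sample_rows | pairs_to_dot
```

The resulting file can be passed to the same neato command shown above. Adding `-E occurrence=f` to the tshark command keeps only the first value of each field, which avoids the four-column rows at the source.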

Security thoughts

1. Good end point security assumes the network is hostile.



2. Good network security assumes the end point is hostile.



3. Good data security assumes the user is hostile.



Thursday, December 11, 2008

Creating a Patch and Vulnerability Management Program

http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

Wednesday, December 10, 2008

secure switch

http://secureswitch.com/SecureSwitch.htm

pass thru authentication

windows trust model
online password generator

password generator

Sunday, December 7, 2008

How to correct "disable Autorun registry key" enforcement in Windows

http://support.microsoft.com/kb/953252

router forensics

http://sansforensics.wordpress.com/2008/11/24/cisco-router-forensics/

pen test tool site

http://www.toolcrypt.org/index.html

Saturday, December 6, 2008

excel port scanner

http://www.cqure.net/wp/hedgehog/

secure os separation

http://www.ghs.com/products/rtos/integritypc.html

Friday, December 5, 2008

tcp tools

http://www.comlab.uni-rostock.de/research/tools.html

Wednesday, December 3, 2008

another enterprise password manager

http://www.passlogix.com/products/v-GO_sharedaccountsmanager/benefits/

enterprise password tool

http://www.liebsoft.com/index.cfm/products?id=360

wireshark network traffic filters article

how to write wireshark filter

security visualisation articles

secviz

rsa tutorial

http://scienceblogs.com/goodmath/2008/12/public_key_cryptography_using.php

backup cartoon

http://raistlin.soup.io/post/8405140/Image

incident handling cheat sheets

http://www.zeltser.com/network-os-security/security-incident-survey-cheat-sheet.html



http://www.darkreading.com/blog/archives/2008/12/cheat_sheets_fo.html



http://www.zeltser.com/network-os-security/security-incident-questionnaire-cheat-sheet.html

network separation solution

http://www.networkworld.com/news/2008/120208-unisys-stealth-encryption.html?fsrc=rss-security

Friday, November 28, 2008

log file visualisation

gltail

another file visualisation tool

nicsa

powershell - find new users

synjunkie post

Thursday, November 20, 2008

eal6+ rated OS

http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212100421

Tuesday, November 18, 2008

Some stuff to look at

http://www.netwitness.com//solutions/incidentresponse.aspx



http://devcentral.f5.com/weblogs/macvittie/archive/2008/11/07/virtualization-how-to-isolate-application-traffic.aspx



http://startupsecurity.info/blog/2008/11/06/typical-injection-points-in-a-web-application/



http://pauldotcom.com/2008/11/discovering-rogue-access-point.html



Monday, October 20, 2008

new layer 2 protocol

http://www.informationweek.com/shared/printableArticle.jhtml?articleID=210605169

notes from sans pen test conf

Notes from SANS Penetration Testing with Confidence Webcast



SANS Webcast


https://www.sans.org/webcasts/show.php?webcastid=91101



Penetration Testing with Confidence: 10 Keys to Success



Lenny Zeltser



-(slide 3) sometimes the role of the attacker is tricky for a defender


-(slide 5) Asking the right questions about the pentest is essential to success.


**Less about a step by step and more about asking the right questions to get the right pen test for the customer




Question #1


-Is a pen test the type of assessment that is needed?


**Do you need to demonstrate the vulnerability, do you need to exploit it or is finding the vulnerability enough?



*Types of Assessments


-Vulnerability Assessment


-Security Policy Assessment


-Penetration Test



Question #2


-What is the scope?



*if it's a pen test, is the customer actually ready to have their network or application exploited?


*possibility of system crashes and failures due to failed exploitation attempts


*pen tests are good for shock value, prove that someone can get in and access information



*Scope Questions



-Targets=which specific systems or networks?


-Depth=how far into the network can we go? need to work that out before you start.


-Exclusions=self explanatory


**excluded systems are usually the most jacked up :-)



Question #3


-What tests should be performed?



*Commonly excluded tests ;-(


**mostly because they are so effective


-Denial of Service


-Physical Security


-Social Engineering


*but if it's allowed, try to test specific cases that would be violations of policy or training: will people click on links in emails even though the user training says not to?


-War Dialing


-Client-side Attacks




Question #4


-Are non-commercial tools allowed?


**Canvas, Core Impact, MSF, standalone exploits, BT are not necessarily "vetted" and you may need to get permission to use them



Question #5


-What is the attacker's profile?



*Professional versus amateur


-Target a network for information and money


-Non-targeted attack, attack of opportunity


*knowing what type of attacker will drive the types of tests you do



Question #6


-Is it a White Box or Black Box test?



-White=full knowledge


-Black=no knowledge minus left & right limits


*the type of test drives the path of least resistance and the attack trees


-Try to strategize beforehand, check out slides 19-22, consider making attack trees



Question #7


-What are the time constraints?



-Duration of the test


-Timing restrictions



Question #8


-How to handle issues that may arise during the test?



-Target system crashed


-Sensitive data found


-You're not the first person on the box...eeeeek


*have a contact form for issues that come up



Question #9


-What do you do with the results?



Question #10


-Do I have explicit permission to perform the pen test?



-Written permission...CYA

Tuesday, September 30, 2008

metadata tool

http://hachoir.org/


Saturday, September 20, 2008

utm product

http://www.networkworld.com/news/2008/091808-watchguard-shows-new-xtm.html?fsrc=rss-security

Wednesday, September 17, 2008

citrix ddc

http://community.citrix.com/blogs/citrite/martinm/2008/03/28/XenDesktop+and+Active+Directory

data loss prevention 2

rsa appliance

http://www.rsa.com/node.aspx?id=2826

data loss tool

http://www.reconnex.net/products/data_loss_profiler.php

Sunday, September 14, 2008

rfid chips article

http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1329179,00.html

Saturday, September 13, 2008

plainsight forensics platform

http://www.plainsight.info/download.html

Thursday, August 7, 2008

More on GIFARS and Other Dangerous Attacks

http://www.gnucitizen.org/blog/more-on-gifars-and-other-dangerous-attacks/

Wednesday, August 6, 2008

More on GIFARS and Other Dangerous Attacks

http://www.gnucitizen.org/blog/more-on-gifars-and-other-dangerous-attacks/

DNS troubleshooting and analysis

http://searchnetworkingchannel.techtarget.com/tip/0,289483,sid100_gci1322916,00.html



Cisco routers again take hacker spotlight

http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/export/home/httpd/htdocs/news/2008/080508-cisco-routers-again-take-hacker.html&pagename=/news/2008/080508-cisco-routers-again-take-hacker.html&pageurl=http://www.networkworld.com/news/2008/080508-cisco-routers-again-take-hacker.html&site=security

Choosing the right XML security appliance

http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/export/home/httpd/htdocs/news/tech/2008/080508-tech-update.html&pagename=/news/tech/2008/080508-tech-update.html&pageurl=http://www.networkworld.com/news/tech/2008/080508-tech-update.html&site=security

Controlling Group Policy Security Settings Refresh and Application

http://www.windowsecurity.com/articles/Controlling-Group-Policy-Security-Settings-Refresh-Application.html?printversion

Microsoft charts security vuln MAPP

http://www.theregister.co.uk/2008/08/05/microsoft_vulnerability_disclosure/print.html

Researcher gives Elvis and bin Laden fake e-passports

http://www.theregister.co.uk/2008/08/06/epassport_alteration_demo/print.html

Microsoft Revamps Patch Tuesday Warning Process



Software giant will share vulnerability data early with third parties, create 'Exploitability Index' for newly found flaws



AUGUST 5, 2008 | 11:30 AM



By Tim Wilson


Site Editor, Dark Reading



LAS VEGAS -- Black Hat USA 2008 -- As hackers and researchers get ready to unveil their latest vulnerability findings here, Microsoft today announced that it is improving its methods for sharing and categorizing the vulns that affect Windows and its other applications.



"The introduction of these new programs helps address evolving online threats and provides more practical guidance to assess and manage risk," said Andrew Cushman, director of security response and outreach at Microsoft. "In the race between exploit and protection, Microsoft is committed to shifting the advantage to the security industry."



Microsoft launched the Microsoft Active Protections Program (MAPP), which gives security software providers "advance information" about the vulnerabilities addressed by Microsoft security updates. By sharing its vulnerability findings with third-party security vendors earlier, the software giant hopes to speed the development and delivery of patches and updates that address those flaws.



Microsoft also introduced its "Exploitability Index," which is designed to help users handicap the likelihood that a newly announced vulnerability will immediately result in active exploits by hackers. The Exploitability Index will be included as part of Microsoft’s monthly Patch Tuesday security bulletin releases, beginning in October.



The Exploitability Index might help users decide how swiftly they need to issue the patches that Microsoft issues each month. Currently, the software giant rates vulnerabilities on a scale of "critical," "serious," and so forth. The new index will rate vulnerabilities as "consistent exploit code likely," "inconsistent exploit code likely," or "functional exploit code unlikely."



"This additional information helps customers better assess their unique risks and better prioritize deployment of the monthly security update," Microsoft said.



"The [current] MSRC Bulletin Severity Rating system assumes that exploitation will be successful," a Microsoft spokesperson explained. "For some vulnerabilities where exploitability is high, this assumption is very likely to be true for a broad set of attackers. For other vulnerabilities where exploitability is low, this assumption may only be true by a dedicated attacker putting a lot of resources into ensuring their attack is successful.



"Microsoft will never recommend customers not to deploy an update, regardless of the Bulletin Severity rating or Exploitability Index," the spokesperson continued. "However, this information can assist sophisticated customers prioritize their approach to each month’s release."



The MAPP program will enable security software providers to be briefed on Microsoft's vulnerability findings before they are made public, speeding the development of patches and updates, the company said. However, the company isn't allowing researchers into the program. In order to join, a member must "offer commercial protection features to Microsoft customers" to a large number of customers. Members may not sell attack-oriented tools, the company said.


Microsoft will be blogging and offering its own views on the Black Hat conference this week through a new offering called the Microsoft Black Hat pressroom.

Monday, July 21, 2008

cold boot toolset

princeton university


Tuesday, July 15, 2008

S.F. officials locked out of computer network

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/14/BAOS11P1M5.DTL

Tuesday, July 1, 2008

squid blacklist provider

http://www.shallalist.de/



Sunday, June 29, 2008

folder2iso

Freeware to create an ISO from a folder structure. Useful for mounting folders in VMware, or for creating a DVD of files for an ISO burner to burn.



http://www.trustfm.net/divx/SoftwareFolder2Iso.php?b2=1

wall chart

tld wall chart



http://www.visibone.com/countries/countrychart_4080.jpg

Friday, June 27, 2008

vlc streaming

vlc --intf http --sout="#standard{access=http,mux=ts,dst=192.168.19.11:8899}"

dokuwiki

iis and dokuwiki


Setting up dokuwiki on IIS with integrated authentication

unworkable security rules

http://www.acsac.org/2001/papers/110.pdf

Tuesday, June 24, 2008

Tools:Network Forensics


Tuesday, June 17, 2008

remove speaker notes from powerpoint slides

Set objPPT = CreateObject("PowerPoint.Application")
objPPT.Visible = True

Set objPresentation = objPPT.Presentations.Open("C:\Scripts\Test.ppt")
Set colSlides = objPresentation.Slides

For Each objSlide in colSlides
    objSlide.NotesPage.Shapes(2).TextFrame.TextRange = ""
Next



So how does this chunk of code actually work? Well, to begin with, we create an instance of the PowerPoint.Application object and then set the Visible property to True; that gives us a running instance of PowerPoint that we can see on screen. The moment we have our instance of PowerPoint in hand we use the Open method to open the presentation C:\Scripts\Test.ppt, then use this line of code to retrieve a collection of all the slides in that presentation:



Set colSlides = objPresentation.Slides



And then we stop to catch our breath for a moment. Whew!



Fortunately it’s all downhill from here. To begin with, we set up a For Each loop to loop through each slide in the collection. For each of those slides all we do is execute the following line of code:



objSlide.NotesPage.Shapes(2).TextFrame.TextRange = ""



And you’re right: that is a crazy-looking line of code, isn’t it? Why is it so crazy-looking? Well, as it turns out, each slide has a NotesPage object that contains the speaker notes; the second shape on the NotesPage is a TextFrame object where the notes actually reside. To delete the notes for a given slide we simply need to set the value of the TextFrame’s TextRange property to an empty string.



Wow; now we really need to stop to catch our breath.



Fortunately, though, we’re pretty much done here; all we have to do now is – wait a minute: are you sure you’re one of the first 935 people to read this column? Well, OK; we have to take your word for it. Anyway, all we have to do now is go back to the top of the loop and repeat the process with the next slide in the presentation. And then we go back and do it all over a third time, and then a fourth time, continuing along these same lines until we’ve removed the notes from each and every slide in the presentation.



Now, what if you wanted to do this for all the .PPT files in a folder? Well, that’s easy; all you have to do is run this script:



Set objPPT = CreateObject("PowerPoint.Application")
objPPT.Visible = True

strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set FileList = objWMIService.ExecQuery _
    ("ASSOCIATORS OF {Win32_Directory.Name='C:\Scripts'} Where " _
        & "ResultClass = CIM_DataFile")

For Each objFile In FileList
    If objFile.Extension = "ppt" Then
        Set objPresentation = objPPT.Presentations.Open(objFile.Name)
        Set colSlides = objPresentation.Slides
        For Each objSlide in colSlides
            objSlide.NotesPage.Shapes(2).TextFrame.TextRange = ""
        Next
        objPresentation.Save
        objPresentation.Close
    End If
Next

objPPT.Quit



And because someone is bound to ask, what if you did need a script that could echo back the speaker notes for an entire presentation? No problem. The following script opens the file Test.ppt and retrieves a collection consisting of all the slides in that presentation. For each slide the script echoes back the slide title (objSlide.Shapes(1).TextFrame.TextRange) and the speaker notes:



Set objPPT = CreateObject("PowerPoint.Application")
objPPT.Visible = True

Set objPresentation = objPPT.Presentations.Open("C:\Scripts\Test.ppt")
Set colSlides = objPresentation.Slides

For Each objSlide in colSlides
    Wscript.Echo objSlide.Shapes(1).TextFrame.TextRange
    Wscript.Echo objSlide.NotesPage.Shapes(2).TextFrame.TextRange
    Wscript.Echo
Next



That should do it, TW; we hope you find this script useful, and we hope you enjoyed the 935th Hey, Scripting Guy! column. We should level with you, however: believe it or not, there really isn’t any significance to the number 935. (Although 935 was the year when Haakon the Good, son of Harald Fairhair, reunited the Norwegian lands.) The truth is, we decided to celebrate column 935 for one reason and one reason only: when you’re a Scripting Guy, you never know when a given column might be your last. See you all tomorrow!

rdp tables metric version

The RDP has three tables...



Table 1 shows how depths and times interact to yield a certain nitrogen load. Depths are in meters and times are in minutes; nitrogen levels are expressed with letter designations A-Z. A is little. Z is a lot. We call these letter designations pressure groups, abbreviated "pg".



Table 2 shows time intervals spent on the surface following a dive. When you surface after a dive your body begins losing the nitrogen built up during the dive. This table lets you know how much. The period of time spent on the surface in between dives is called the surface interval, abbreviated "si".



Table 3 is on the flip side of the RDP. (It is not labeled "Table 3" but that's what we'll call it from now on.) Use it to plan repetitive dives. If you do only one dive in a day, you won't need this table.



We've worked out some sample dive profiles to give you practice using the RDP. Read the instruction manual that came with your RDP and then work through these problems. If you get stuck, review the instruction manual and read the step-by-step solution we've given you after each example.



Get into the habit of using a dive planning profile for every dive. It looks like this.



diveprofile.jpg


Example 1


Finding a No-decompression Limit



What is the no-decompression limit for a dive to 14 meters?



To find this answer use Table 1. Note that depths in meters are given in the top row of the table. Find 14 meters. Follow down the column under 14 meters until you come to the last box. It is highlighted in black. It says 98 minutes. This is the no-decompression limit in minutes for a dive to 14 meters. (The no-decompression limit for each depth is in the last box in the column for that depth and is highlighted in black.)


Example 2


Finding the Pressure Group After a Single Dive



You dive to 14 meters and stay down for 32 minutes. What is your pressure group at the end of the dive?



Draw the diagram filling in all the information you have.





diveprofile2a.jpg



Next, find the depth in the top row of table 1. Follow down in the column under 14 meters until you find 32 minutes. Now, follow the row with 32 minutes to the left until you find a letter, in this case, the letter "H." The table is telling you that after a dive to 14 meters for 32 minutes, you are in pressure group "H." Write the "H" in your dive profile diagram.





diveprofile2B.jpg




ALWAYS Round Up!





Pop Quiz: When using the tables, if the exact depth or time you're working with is not on the table, should you round UP or DOWN?



Do this next profile. It demonstrates how to calculate a dive when the exact depth and/or time you're using is not on the table.



diveprofile2c.jpg





Find the dive depth in table 1. Fifteen meters is not on the table so round up to the next greatest depth, in this case 16 meters. (ALWAYS round up. It makes your dive planning more conservative and therefore safer.) Follow down the 16 meter column to find 33 minutes. It's not on the table either. Again, ROUND UP, in this case, to 35 minutes. To find your ending pressure group, follow the 35-minute row to the right until you meet the letter "K." "K" is your ending pressure group after a dive to 15 meters for 33 minutes.




Example 3


Finding the Pressure Group After a Surface Interval



In Problem 2 you ended a dive in pressure group K. What will the new pressure group be after you stay on the surface for 28 minutes?



diveprofile3a.jpg





To find this answer, start from the pressure group designation K on the table and continue following in that row until you find 28 minutes (:28). In this case you'd choose the box with :23 to :29 minutes since 28 minutes is between the two. From that box, follow the column straight down to the bottom to the letter G. G is the new pressure group after a 28-minute surface interval.





diveprofile3b.jpg




Example 4


Finding the Maximum Allowable Bottom Time for a Repetitive Dive



diveprofile4a.jpg





In problem 3 you ended in pressure group G after your first dive and a surface interval. Now you want to make another dive to 14 meters. What is the maximum allowable bottom time for this dive?



This is a repetitive dive so you will use the table on the flip side of the RDP. The depths in meters run down the left side of the table. Pressure groups run across the top of the table. Since you are in pressure group G, find G on the top row of the table. Now find the depth you plan to dive to, 14 meters. Find the square where 14 meters and pressure group G intersect. There are two numbers in the box, one blue and one white. The blue number is the maximum allowable bottom time. The answer to this problem is 69 minutes. This tells you that if you are in pressure group G at the start of a dive you can safely dive to 14 meters for no more than 69 minutes.





diveprofile4b.jpg




Example 5


Finding the Pressure Group After a Repetitive Dive



You and your dive buddy dive to 21 meters and stay down for 28 minutes. Following the dive you get back on the boat and stay on the surface for one hour and five minutes. On your second dive you go to 18 meters and stay for 30 minutes (your Actual Bottom Time (ABT)). What is your pressure group after the second dive?



diveprofile5a.jpg





Start by finding your pressure group after the first dive. Twenty-one meters rounded up to 22 for 28 minutes puts you in pressure group N. After a one hour and five minute surface interval your pressure group has dropped to D. Now flip the chart over to the repetitive dive table. Find pressure group D at the top of the table. Find the depth of the dive, 18 meters, in the column at the left edge of the table. Now find the square where pressure group D and 18 meters intersect. There are two numbers in the square, one blue highlighted, the other white highlighted. The white number is the residual nitrogen time (RNT) in minutes, 16. This number tells you how much nitrogen is left over in your body tissues from your first dive. What do you do with this number? Remember the word "RAT."





R = Residual Nitrogen Time



+ A = Actual Bottom Time



_____________________



T = Total Bottom Time



In our problem:



16



+ 30



________



46



R, the RNT is 16. A, ABT, is 30. Add them together to get what we call the Total Bottom Time (T). Forty-six is the sum of the RNT and the ABT. This time, the Total Bottom Time is what you will use to complete the dive profile.





diveprofile5b.jpg





To get the final pressure group just flip back to table 1. You are diving to 18 meters for 46 minutes (not the actual bottom time of 36 minutes). The result is pressure group R.



diveprofile5c.jpg




Example 6


Finding a Minimum Surface Interval



You may know the exact profiles of dives you'd like to do. For example, if you want to do two dives on a wreck one after another, you would have to figure out how long a surface interval you'll need between the two dives in order to stay safely within no-decompression limits. In other words, you must find the minimum surface interval.



You want to dive the wreck of the Hesperus in 14 meters of water. Based on what you know to be your usual rate of air consumption you estimate you'll be able to stay down for 68 minutes. Since there's so much to see on the wreck that won't be enough time so you want to do a second dive. Again, you'll be in 14 meters of water and will stay down for 68 minutes. How long a surface interval must you have?



Start by finding the pressure group after the first dive. You know how to do that!





diveprofile6a.jpg





After the first dive, you are in pressure group S. Now you have to find the pressure group that you must be in before you start your second dive. Since it's a repetitive dive, use table 3.



Find the depth of the second dive, 14 meters, in the depth column of table 3. Next, follow across the 14 meters row in the blue numbers until you come to a number that is greater than or equal to the time of the second dive, 68 minutes. Sixty-eight minutes is not in the table, so, as always, ROUND UP to 69. Follow up in the column where you find the 69 to the top row of the chart. There you'll find the letter G telling you that you must have a surface interval sufficient to get you down to pressure group G before you start your second dive. Fill it in on your profile.





diveprofile6b.jpg





There's only one more step: find the minimum surface interval needed to reduce your residual nitrogen from pressure group S to pressure group G. Flip to the surface interval table. Find the higher pressure group, S, in the diagonal line of pressure groups bordering the left side of the table. Find the lower pressure group, G, in the row of pressure groups along the bottom of Table 2. Follow across the one and up the other until the S row and G column intersect. There are two times in the box, :57 and 1:03. You want to know the minimum surface interval so the lower of the two numbers is the correct answer. Fifty-seven minutes is your minimum surface interval. Fill it in on your diagram.





diveprofile6c.jpg





Now you've thoroughly learned the RDP. If you ever forget how to use it, read the instruction manual, come back to our website or contact us for help. It's important that you know the RDP even if you have a computer and rely on it. Suppose you spend lots of money to go on a dive vacation and your computer malfunctions before you start your dives. You can whip out your RDP and track your dives with it. Even worse, suppose your computer failed during a series of dives. If you'd kept track of your dives with the RDP as back up for your computer, you could fall back on that and continue your dives. If you don't know where you are on the RDP when your computer fails, the only safe thing to do would be to end your diving for the day. Always using the RDP can be a dive saver.

Friday, June 13, 2008

Experts unveil 'cloak of silence'

http://news.bbc.co.uk/1/hi/sci/tech/7450321.stm

response plan

austin.issa.org/WhitePapers/ISSAITD.pdf



incident response planning

http://www.google.co.uk/search?q=incident+response+planning

forensic readiness

http://www.google.co.uk/search?q=forensic+readiness

incident response planning

http://www.comptechdoc.org/independent/security/policies/incident-response-plan.html

forensicreadiness pdf

www.utica.edu/academic/institutes/ecii/publications/articles/A0B13342-B4E0-1F6A-156F501C49CF5F51.pdf

enterprise web 2.0

http://www.eweek.com/c/a/Security/Key-Scenes-from-Enterprise-20/11/

Sunday, June 8, 2008

powershell and wpf

http://blogs.windowsclient.net/rob_relyea/archive/2008/05/06/powershell-wpf.aspx

hide powershell

Show-PowerShell / Hide-PowerShell

During the Week of WPF, someone requested an example of how to minimize the PowerShell window.

Here's a quick module to make it happen. Copy/paste the code below into Documents\WindowsPowerShell\Packages\PowerShell\PowerShell.psm1

$script:showWindowAsync = Add-Type -memberDefinition @"
[DllImport("user32.dll")]
public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
"@ -name "Win32ShowWindowAsync" -namespace Win32Functions -passThru

function Show-PowerShell() {
    $null = $showWindowAsync::ShowWindowAsync((Get-Process -id $pid).MainWindowHandle, 10)
}

function Hide-PowerShell() {
    $null = $showWindowAsync::ShowWindowAsync((Get-Process -id $pid).MainWindowHandle, 2)
}

Now you can use the code below to Show and Hide PowerShell:

Add-Module PowerShell
# Minimize PowerShell
Hide-PowerShell
sleep 2
# Then Restore it
Show-PowerShell

Hope this Helps,
James Brundage[MSFT]

Friday, May 30, 2008

Secure E-Mail Using Digital Certificates

http://technet.microsoft.com/en-gb/magazine/cc510324.aspx

software restriction policies article

http://technet.microsoft.com/en-gb/magazine/cc510322.aspx

vmware server on hardy heron

If you are facing the same issue, then here is the full guide to install VMware Server (works for VMware Workstation 6.5 beta too) and get it working in Hardy Heron:



Download VMware Server 1.0.5 to your home folder



Download the patch file vmware-any-any-update-116.tgz to your home folder.



Extract the Vmware-server-1.0.5-80187.tar.gz to your home folder (either via Archive manager or type tar zxf Vmware-server-1.0.5-80187.tar.gz in the terminal)



Extract the vmware-any-any-update-116.tgz to your home folder (either via Archive Manager or type tar zxf vmware-any-any-update-116.tgz in the terminal)



Install the necessary dependencies



sudo apt-get install linux-headers-`uname -r` build-essential


sudo apt-get install xinetd gcc-3.4



If you are using a 64-bit system, you have to install these additional files



sudo apt-get install ia32-libs



Run the VMware Server installer



cd vmware-server-distrib


sudo ./vmware-install.pl



You will be prompted to answer some questions. Press ‘Enter’ to select the default answer. When it reaches the point that requires you to run vmware-config.pl, type ‘No‘. The installer will exit.



Next, apply the patch



cd


cd vmware-any-any-update116


sudo ./runme.pl



This time, press ‘Enter’ for all the questions and enter ‘Yes‘ to run vmware-config.pl.



Once it has finished compiling, you should now see the VMware console in your Applications->System Tools. If not, you can start VMware Server by typing vmware in the terminal.



When you launch the application, it might generate an error message saying that it can’t find the cairo version. Don’t worry, just copy the files over and it will work.



sudo cp /usr/lib/libpng12.so.0 /usr/lib/vmware/lib/libpng12.so.0/


sudo cp /lib/libgcc_s.so.1 /usr/lib/vmware/lib/libgcc_s.so.1/



For 64 bit users



sudo ln -s /usr/lib32 /usr/l32


sudo sed -i -e 's/usr\/lib/usr\/l32/g' /usr/lib32/gtk-2.0/2.10.0/loader-files.d/libgtk2.0-0.loaders


sudo sed -i -e 's/usr\/lib/usr\/l32/g' /usr/lib32/libgdk_pixbuf-2.0.so.0.1200.9



That’s it. Your VMware Server should be working now.



Thursday, May 29, 2008

RIM under pressure

rim

Tuesday, May 27, 2008

prelude ids

link to website

here

protecting users against themselves, part 2

protecting users against themselves




AUSCert comment

Brian Snow’s (Former Technical Director for NSA’s Information Assurance Directorate) talk on Assurance was pretty good. There were some leaps to be made from an open market to where he figures things should be, but given that he was there with a “Security Evangelist” title, his guidance was pretty much spot on. He provided a quote from Robert Morris Sr. to support one of his arguments, I thought it quite clever: “Systems built without requirements can’t fail, they merely offer surprises. Usually Unpleasant. –Robert Morris”. He also shared the observation about the one-word synopsis for computers and security: computer::sharing && security::isolation, there’s indeed a bit of irony in this.

dns resilience

what is current resilience of website dns?
test

test

Monday, May 26, 2008

cisco rootkits article

http://isc.sans.org/diary.html?storyid=4453

hexdump.com website

http://www.hex-dump.com/PB/index.html



image recognition software

new advances in image recognition software, down to pc type performance



image recognition link

mini slax distro

nimblex



nimblex

selling security

schneier article on selling security



schneier article

xen book to buy

hands on guide to xen



hands on xen

patching policy

what is patching policy of devices, not software?

system eyes and ears monitor - SEEM

general settings tool



SEEM

usbhistory tool

http://nabiy.sdf1.org/index.php?work=usbHistory



usbhistory tool

Sunday, May 4, 2008

iptables openwrt logging

http://www.quietearth.us/articles/2006/10/25/Iptables-logging-in-openwrt

iptables visualisation

http://www.quietearth.us/articles/2006/11/17/Iptables-3D-connection-visualization-with-doomcube-and-netcat



white russian openwrt screenshots

http://wiki.x-wrt.org/index.php/White_Russian_Presentation

Friday, May 2, 2008

socat examples

list of socat examples, ie port forwarding



socat

darkreading 10 most popular stories

dark reading

toast

manage source installations



http://www.toastball.net/toast/



Tuesday, March 25, 2008

Intel Researching New Approach to Laptop Security

http://www.darkreading.com/document.asp?doc_id=149076&f_src=darkreading_default



software approach to analysing users usage on laptops

How Real is the threat from Web based Malware?

http://www.sophos.com/security/blog/2008/03/1202.html?_log_from=rss



data from blog



1 in every 206 page requests (0.48%) were blocked as being either a medium or high risk.


1 in every 465 page requests (0.22%) were high risk.


1 in every 766 page requests (0.13%) were sites known to be hosting malware.

glossary of spam terms

taken from sophos blog



http://www.sophos.com/security/spam-glossary.html#mousetrapping

Sunday, March 23, 2008

SNORT version 3

http://www.darkreading.com/document.asp?doc_id=148901&f_src=darkreading_default



new version of snort, supposedly self learning of network environment

Dual factor authentication solution

http://www.darkreading.com/document.asp?doc_id=148946&f_src=darkreading_default



Dual factor authentication tokens in US Treasury department. Low cost and disability aware

Taken from article

http://www.symantec.com/enterprise/security_response/weblog/2008/03/another_reason_why_microsoft_s.html


Microsoft's list of 'bad' file types

List of 'bad' Microsoft file types that attachment manager would normally block



Bad file types

 
Copyright 2009 Security Monkey.