From lyger at attrition.org Tue Aug 12 00:58:30 2008
From: lyger at attrition.org (lyger)
Date: Tue, 12 Aug 2008 00:58:30 +0000 (UTC)
Subject: [attrition] news: Back from Vegas: Good, Bad, and Fugly
Message-ID:

Back from Vegas: Good, Bad, and Fugly
Mon Aug 11 2008 18:32:51
Lyger

"Lyger Team" made it back from this year's Black Hat and Defcon "conferences" (note the quotes) in one piece, but probably only because there weren't too many good opportunities to break anything. By now, everyone has probably read the media stories about the reporters who were banned for life for sniffing the media network, or the legal discussion surrounding the state of Massachusetts filing an injunction against three college students scheduled to present their research. For some, the event as a whole was probably a lot of fun, but there were plenty of things that really kept it from being as enjoyable as it could have been.

After meeting up with Jericho and d2d on Wednesday afternoon, we headed out to Black Hat. Since I wasn't an official attendee, I can only offer input as to what I saw from an "outsider" point of view.

Disclaimer: This is my opinion and my opinion alone. If you disagree, fine. If you agree, fine. Email me your opinions. I'll be polite in my responses... unless you're trolling, in which case there will be a "suitable" response.

First, I did scan through the list of BH briefings, and there's just no way I could justify convincing my employer that sitting in on a handful of these over a few days would be worth the $1500 (or so) admission charge. Think about it from an economic standpoint: if you're attending a BH seminar, chances are good that you're a security professional in some sense. If you attend eight seminars (which is highly unlikely because you're in VEGAS, HELLO), that's almost 200 bucks a session. Let's not even include the hotel and airfare to and from the conference.
If your employer trusts you enough to go to Vegas on the company dime, attend these sessions, retain the information, and use it for business purposes going forward, then your employer is quite possibly:

a. uninformed about the general content of Black Hat presentations
b. willing to spend more money on pointless security "solutions" based on technology instead of REAL staff training, or
c. a retarded douchebag

[...]

From lyger at attrition.org Sun Aug 17 01:25:07 2008
From: lyger at attrition.org (lyger)
Date: Sun, 17 Aug 2008 01:25:07 +0000 (UTC)
Subject: [attrition] rant: How a PR Miracle can save VMware from itself
Message-ID:

http://attrition.org/security/rant/vmware/

How a PR Miracle can save VMware from itself
(And how one little itsy-bitsy code snafu has resulted in a huge FAIL for the soon-to-be AMD of the virtualization industry.)

Sat August 16 19:37:01 EDT 2008
By: martums

On or about 12 August 2008 at 1238 hours EST AU, VMware Communities user mattjk of Melbourne, Australia, started a thread in the VI3 ESX 3.5 Communities Discussion Forum. This thread was one of the earliest public, high-profile indicators of the failure of ESX & ESXi 3.5 update 2 to power-on or VMotion virtual machines, aka guests, if the ESX (or host) server time was on or after 12 August. Affected builds include 103908 & 103909, respectively ESX and ESXi. Without VMotion, features leveraged by Enterprise customers such as High Availability (HA) and Distributed Resource Scheduler (DRS) also failed, potentially crippling some VMware shops.

Within 24 hours, over 500 responses to the original post were added. One by one, as clocks in each successive time zone moved into Tuesday morning, the early adopters of 3.5 update 2 around the globe began to encounter "A General System error occurred: Internal error" in their Virtual Infrastructure (VI) client applications.
As the numbers of host failures increased globally, the impacts of this incident had several obvious effects on the vendor:

* The communities thread started by mattjk grew quickly, with hundreds of replies and tens of thousands of views.
* Concurrently, those same early adopters flooded VMware Support with telephone calls.
* The web servers hosting the VMware knowledge base were effectively slashdotted.

Behold... The First Global Hypervisor Failure

Initial indications suggested that VMware erroneously released their latest ESX & ESXi server product builds with some sort of time-limitation which impacted the ESX host's license management. This release of ESXi was the first time any edition of ESX (in this case, just ESXi) had been made freely available, in an earlier announcement by Paul Maritz, the new boss, head man, top dog, big cheese. Free, as in (light) beer. (I realize that the rule is never complain about free beer. But this one tastes terrible.)

[...]

From lyger at attrition.org Sun Aug 24 03:53:22 2008
From: lyger at attrition.org (lyger)
Date: Sun, 24 Aug 2008 03:53:22 +0000 (UTC)
Subject: [attrition] postal: ;DECLARE%20@S%20CHAR(4000);SET%20
Message-ID:

http://attrition.org/postal/p0017.html

dancing with the fishes
do reboot koochy-koo
a tribute to josh (#6 in a series)
CISSP fail
goats are ok, midgets are just wrong
it's a job
apprenticeship
applicants care not what people think
endow the idiot with dignity

[...]
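The failure mode martums describes in the VMware rant above, a build that stops powering on guests once the host clock passes a fixed date, is illustrated below as an added example; it is not VMware's code or any message from this digest. The licence gate, the build date, the support window and the error text are constructed; the point is that injecting the clock lets a pre-release test walk every date in the support window instead of only "today".

```python
"""Added illustration (not VMware code): a date-gated licence check with an
injected clock, plus the release test that would have caught the time bomb.
All dates, names and messages here are constructed for the example."""
from datetime import date, timedelta

# Constructed: the date on which the gate trips, mirroring the rant's 12 August.
BUILD_EXPIRY = "2008-08-12"
# Constructed: how many days after the build date a shipped build must keep working.
SUPPORT_WINDOW_DAYS = 365
ERROR_TEXT = "A General System error occurred: Internal error"


def check_license(today_iso: str, expiry_iso: str = BUILD_EXPIRY) -> str:
    """The gate as shipped: any host date on or after the expiry fails.

    The host date is passed in (ISO 8601 string) rather than read from the
    system clock, so a test can exercise dates in the future.  Returns "ok"
    or the error text the operator would see in the client."""
    today = date.fromisoformat(today_iso)
    expiry = date.fromisoformat(expiry_iso)
    return ERROR_TEXT if today >= expiry else "ok"


def can_power_on(today_iso: str, expiry_iso: str = BUILD_EXPIRY) -> bool:
    """Simulated guest power-on: allowed only when the licence gate passes."""
    return check_license(today_iso, expiry_iso) == "ok"


def release_gate(build_iso: str, expiry_iso: str = BUILD_EXPIRY,
                 window_days: int = SUPPORT_WINDOW_DAYS) -> list:
    """Pre-release test: step the injected clock through the whole support
    window and return every ISO date on which power-on would fail.  An empty
    list means the build is safe to ship; anything else is a time bomb."""
    build = date.fromisoformat(build_iso)
    failing = []
    for offset in range(window_days + 1):
        day = (build + timedelta(days=offset)).isoformat()
        if not can_power_on(day, expiry_iso):
            failing.append(day)
    return failing


if __name__ == "__main__":
    bad_days = release_gate("2008-07-25")   # constructed build date
    print(f"{len(bad_days)} failing days; first failure on {bad_days[0]}")
```

Running the gate with a real clock on the build date passes, which is exactly why a wall-clock-only test misses the problem; the windowed test fails the build immediately.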