Hacker’s Blog

December 14, 2005

Security for Calculators

I think it’s about time that we document security for calculators. No, I’m not talking about the cherished TI-35 that I’ve got buried in a drawer somewhere. I’m talking about the machine I’m working on and its brethren. I’m also not talking about documenting the security of calculators. Security for calculators. That is, security documentation that can be understood and processed by computers as well as people.

Let’s face it; if it wasn’t for people, then we wouldn’t be having all of these information security problems. The InfoSec world continues to get more and more complex, and yet for the most part, people are required to process all this complex data. Let’s look at a couple of specific examples.

First are the IP services and ports that are required to support an application. Often this traffic must pass through a firewall or NAT (or both) and often there are issues around that. Currently if this is documented at all, then it is a poorly formatted list of TCP/UDP ports and possibly end points. Some expensive firewall engineer has to look at those, determine if there are any security issues with them, and then correctly translate them into the format the firewall understands. Anomaly IDS sensors have to learn the application flows, because no one can take the time to tell them what they should be. Etc.

The effort to load firewalls and other security devices could be reduced substantially by having some XML schema for documenting the IP services in use. Security is only as good as the knowledge about the application in question. Having such standards would substantially enhance the ability to know what was going on within an application.
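To make the idea concrete, here is an added example (not from the original post) that reads a machine-readable description of an application's IP services, validates it, translates it into iptables rules, and flags what still needs a human. The XML element and attribute names are a hypothetical schema, and the sample document is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample document; the element and attribute names are a
# hypothetical schema, not an existing standard.
SERVICES_XML = """
<application name="orders">
  <flow id="web-to-db" protocol="tcp" port="5432"
        source="10.0.1.0/24" destination="10.0.2.10/32"/>
  <flow id="public-https" protocol="tcp" port="443"
        source="0.0.0.0/0" destination="10.0.1.20/32"/>
  <flow id="dns" protocol="udp" port="53"
        source="10.0.1.0/24" destination="10.0.0.2/32"/>
</application>
"""

def load_flows(xml_text):
    """Parse and validate each <flow>; reject anything malformed."""
    flows = []
    for el in ET.fromstring(xml_text).iter("flow"):
        proto = el.get("protocol", "").lower()
        if proto not in ("tcp", "udp"):
            raise ValueError(f"{el.get('id')}: unsupported protocol {proto!r}")
        port = int(el.get("port"))
        if not 1 <= port <= 65535:
            raise ValueError(f"{el.get('id')}: port {port} out of range")
        # ip_network raises ValueError on a malformed or non-canonical CIDR
        src = ipaddress.ip_network(el.get("source"))
        dst = ipaddress.ip_network(el.get("destination"))
        flows.append({"id": el.get("id"), "proto": proto, "port": port,
                      "src": src, "dst": dst})
    return flows

def to_iptables(flows):
    """Translate validated flows into iptables FORWARD rules."""
    return [f"-A FORWARD -p {f['proto']} -s {f['src']} -d {f['dst']} "
            f"--dport {f['port']} -m comment --comment {f['id']} -j ACCEPT"
            for f in flows]

def review_findings(flows):
    """Flag flows a firewall engineer should still look at by hand."""
    return [f"{f['id']}: source is unrestricted ({f['src']})"
            for f in flows if f["src"].prefixlen == 0]

if __name__ == "__main__":
    flows = load_flows(SERVICES_XML)
    print("\n".join(to_iptables(flows) + review_findings(flows)))
```

The same validated flow list could feed an anomaly IDS baseline instead of a firewall, which is the point of keeping the description separate from any one device's rule syntax.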

A second area is within RFC standards. Currently, if there is a security section at all, it again must be parsed by a human. Does a service provide its own authentication? What controls are available within the service? What are the expectations, dependencies, etc.? Even having the packet schema in XML would help a lot in developing parsers for new protocols. I’ll probably need to explain this in more detail, but that will have to come later.

Ultimately security is too important to leave up to us humans, but we’re never going to get computers to do it well if we can’t put things in terms that they can understand. We have the tools, XML, various standards bodies, etc. We just need to start using them.

December 9, 2005

My Original Site

I thought I’d post the text of my original site that lasted for over two years…

Welcome to the homepage of Eric Hacker.

Yes, my original unchanged family surname is an aptronym.

This domain became active on Tuesday, Nov 18th 2003 and I have not had much time to create a site. It was only on a whim that I even checked to see if it had become available, as it had been taken but not used for quite some time. Now the domain is in the hands of a ‘real’ Hacker who has had no time to plan a real site.

Expect to find some information about my professional interest in information security here soon.

Yep. That’s it.

And there’s still nothing about information security here yet.

December 8, 2005

What’s up with the knee?


Saturday October 22nd began easy enough. I was coming off of an 80 hour work week and spending Saturday morning taking the boys to a birthday party for a 7 year old classmate at an indoor soccer field. First crisis: I learn upon arriving that the soccer match is to be parents versus the kids.

Clad in my best Doc Marten boots I was not exactly prepared to play soccer. But I knew that I needed to be a positive role model for my eldest son who often held back from engaging in new activities. And heck, I used to play soccer over 20 years ago. They’re just kids, how bad can it be? Such is the logic of a Dad after an exhaustive work week.

So out onto the field I lumbered. The astroturf was this soft shaggy material. It seemed innocent enough. Not even three minutes into the game, and I try a sliding steal to get the ball away from some eight year old girls, and pop, twist, crunch goes my right knee. I find out afterwards that astroturf is a leading killer of knees.

The final diagnosis from the MRI was that I tore the ACL, the MCL, bruised the bone and generally made a mess out of my knee. I had been doing my Physical Therapy and finally seeing some results. Just as I was starting to get mobile again, I had the ACL reconstruction surgery on December 5th.

This has been the highest sustained pain I have ever experienced. Yes, it was even worse than the Army. I think I’ve found the right pain killer cocktail to let me function somewhat. That is, if you think these blog posts are functional.


Well, it’s about time.

So, I’m recovering from knee ACL reconstruction and in a lot of pain and someone I haven’t heard from in a couple of years drops me a two line email chastising me about the fact that after two years I still don’t have a web site for my new domain. Fast forward a couple of hours, still in pain, because the Tylenol #3 ain’t good enough to kill all the pain but that codeine is plenty good enough to keep me awake at 1 AM, and I get up out of bed, crutch over to my office, get uncomfortable in my chair because there is no comfortable position and start hacking. Anybody in their right mind wouldn’t be doing this, so whatever this first blog entry turns out like, remember, it’s my normally odd self pushed over the edge.

I hop on over to my “new” hosting provider, and start to get set up for bringing my final domain over. It goes smoothly, until I hit a glitch with the WordPress install. Oh well. It will probably take a few days for DNS changes to propagate anyway.

17 hours, several naps, physical therapy and other interruptions later and I think I finally got the graphics into the “annoying enough but still legible state” and this blog is ready to roll. Still a lot I have to figure out about WordPress and whatnot, but what the heck, it’ll never happen if I try to get it perfect.

So thanks Ric, please let me know next time you’re suffering from a major illness so I can point out how unkempt your yard looks.


