
Thursday, December 4, 2008

virus outbreak


Man...Life's busy like hell. No time to even update the blog. So many interesting things happened in my life...where to start....maybe i'll update in my next post (not sure when).


As for now there has been a virus outbreak in my working environment...global outbreak...some attacker out there exploited one of the MS vulnerabilities (out of band release) released last month. To be specific, it's MS08-067 - Vulnerability in Server Service Could Allow Remote Code Execution.


Initially all client machines and servers were patched (my team was responsible to initiate and coordinate the patching activity). However some smart people out there failed to adhere to instructions...causing mass exploit of servers and client machines.


Apparently the attacker deployed a worm (remotely) that could drop copies of itself to system root. From there, it accesses a certain website which downloads trojans to these machines/servers. The trojan then uses random ports to access port 445 at other locations, i.e. domain controller and Active Directory. It then does a brute force to get usernames and passwords.


Our IDS team initially captured the suspicious traffic and alerted us. We then continued our investigation, found the root cause and are currently performing the clean up. Our anti virus vendor came up with the bandage pattern file that detects and quarantines these malicious files.


Now we're pushing the patch (to unpatched servers/machines) via SCCM. The bandage pattern is also being deployed. BSOD also occurred during the deployment...making our task miserable. The earliest i go back home nowadays is 9 p.m. Go back then have to wake at 3.00 a.m. to sit for a conference call with the rest of the teams globally.


Lesson - Never ever take a MS patch for granted...deploy it as soon as it's released!


p.s. - *NIX users should be celebrating by now (i'm damn sure the attacker is a *NIX maestro)
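The traffic pattern described in the post above (an infected machine reaching port 445 on many other hosts) is the kind of thing an IDS team can flag from flow logs. The following is an added example, not code from the original post: the log format, addresses, window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445

def parse(line):
    """Parse 'ISO-timestamp src dst dport' (hypothetical flow-log format)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def smb_fanout(lines, window=timedelta(minutes=5), threshold=5):
    """Return {src: peak number of distinct port-445 destinations seen
    inside any sliding window} for sources whose peak meets the threshold."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse(line)
        if dport == SMB_PORT:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            flagged[src] = peak
    return flagged

# Constructed sample data (not real traffic):
#  10.0.0.23 sweeps six hosts on 445 within one minute (worm-like fan-out),
#  10.0.0.50 touches four hosts but 15 minutes apart (slow, below threshold),
#  10.0.0.40 is an ordinary client using two servers plus one web request.
SAMPLE = (
    [f"2024-01-01T09:00:{10 * i:02d} 10.0.0.23 10.0.1.{10 + i} 445" for i in range(6)]
    + [f"2024-01-01T09:{15 * i:02d}:00 10.0.0.50 10.0.1.{10 + i} 445" for i in range(4)]
    + ["2024-01-01T09:01:00 10.0.0.40 10.0.1.10 445",
       "2024-01-01T09:02:00 10.0.0.40 10.0.1.11 445",
       "2024-01-01T09:02:05 10.0.0.40 10.0.2.5 80"]
)

if __name__ == "__main__":
    for src, peak in smb_fanout(SAMPLE).items():
        print(f"{src}: {peak} distinct SMB destinations in 5 minutes")
```

File servers and domain controllers legitimately talk SMB to many hosts, so a real deployment would exclude them and tune the threshold to the network's baseline.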


Saturday, April 19, 2008

The post effect of 'LOpoNg....*@#!$%


For those who don't know what lopong is, it means being too free without anything to do...and this term has left an effect on me...'BIG TIME'.

You see, during my previous employment, my major tasks were basically very simple. I would be having nothing to do most of the time....whatever extra i learned and did was on my own initiative.

As expected, 'lopong' neither applies nor exists in my new environment. I have to be on my toes 24/7. Any mistake will cost billions....yes BILLIONS!

Due to lopong, my start here was a little dull/slow. Expectation on me was more or less high. Everyone else was moving fast, tasks given are finished in split seconds. They have to as more and more will keep on coming non stop.

I took a longer time to finish tasks initially. I had to understand the process and procedures. Every single process had to go through the proper channel. Everything was documented. Even if one were to install something, approval from multiple people had to be obtained. All impacts caused by a change are analyzed before it is deployed.

With God's blessings, i'm now able to compete with the herd. Not at the peak but slowly getting there. This is because i utilized the 'lopong' time previously to get some supplies for future. Guess it worked!

Lucky for me i did not get sucked into the 'lopong world'. As a result, i could cope with the new challenges even though it was tough in the beginning. To my friends, a piece of advice....DON'T ever enjoy the 'lopong' time....trust me, the outside world is way bigger and much tougher than expected...Mr. Lopong will backfire.....

DAMN!....I miss blogging

Just can't find the time.....sigh

Monday, March 3, 2008

Received my first Microsoft certificate!

Can you believe it...i just (last Friday) received my first Microsoft certificate. The best part is it was endorsed by Mr. Bill Gates himself! The certificate was awarded to me after i completed a 3 days course titled 'Maintaining and Troubleshooting Windows Vista Computers' at one of Microsoft's training centers in KL. The course code is MS5118 (look it up in Microsoft training library). The feeling is just ecstasy. The trainer gave a tremendous walk through on how to troubleshoot Windows Vista errors. He was a certified trainer. I even got a Microsoft book which can't be purchased in the market.

Now, that's what i'm talking about being appreciated. The motivation to work is always there. The best part is, the organization doesn't bond you for this kind of training and certification. This year, i'm lined up for ITIL (IT infrastructure library...google it up) and MCSE certification. ITIL is the mandatory certification. My new environment requires me to have very sound technical skills on Win2k and vista. Thus the certifications are made compulsory.

The coolest part is...i'm given a laptop...brand new...out of the box...complete with docking station, 2 mouses, additional keyboard, etc. The laptop is equipped with smart card reader and thumb recognition. Thus, it can be only accessed using my 62bit smart card. cool eh...and it's FOC...The specs i shall give in another post. Will try to get a snapshot as well.

The sad part is, since i'm given a laptop, i'll be required to work from home. Not all the time, but once in a while. So that is not a problem. Besides, the rewards are good so i have no complaints. Again, as my friend said earlier...the company gives you shit, shit is what the company gets back...but when it treats you well...it will mine gold out of you.

Saturday, February 16, 2008

I feel Good!

Well...working office hours feels good. But i kind of miss the off days i used to have. I was at home most of the time; sleeping, playing with my son, paying bills etc. Now, those off days have been stripped off. Have to work five days, office hours. Yet, it feels good. Body feels refreshed and energized. There's a gym in my office, equipped with state of the art equipment. Will be paying a visit soon...after buying a pair of shoes...hehehe

Now, my off days that i used to have in abundance have been replaced with working days...with a reward...a better bank balance at the end of the month. I feel appreciated. When i worked on shift, the different hours often caused frequent changes of sleeping pattern. This usually resulted in me falling sick, headache, fever and all types of illness. The body actually fails to adapt to different sleeping hours as age passes by. 10 years ago, i could stay up all night working/studying but now it's a little different. As advised by my doctor, the younger generation is more suitable for working shift. Not that i'm old. I consider myself very young. But taking into consideration my family, it's time to leave the shift hours which have been my friend for the past 5 years. But the results are good.

I definitely prefer the current working hours. More time to spend with my wife, son and nephews and adorable niece.

Tuesday, February 12, 2008

Security Analyst vs Security Consultant

A topic that caught my attention some time ago. What is the jobscope of these two people? Well, since i was/am still in the industry, i can shed some light on the jobscope of both the positions. A security analyst is someone who has knowledge on a number of areas; OSes, programming language, tcp/ip etc. He/she must be able to use the many different tools to perform analysis tasks i.e. tcpdump, wireshark, sguil, mrtg, ntop, acid, ossec etc. These are some of the many essential tools that a security analyst must be familiar with. Besides that, he/she must also be able to detect accurately and respond promptly to any incident issues. Most importantly, he/she must be able to do root cause analysis to determine the authenticity of a suspected event.

How about a security consultant? A Security Consultant is a person who has advanced skill in the world of security. NSM is at his/her fingertips. He/she is someone who could differentiate the output given by tcpdump and output from wireshark. The name itself carries a significant weight that a consultant can be proud of; the word consultant. Anyone could just walk to a Security consultant and ask advice on how to secure a network. That is the meaning of consultant=consultation. The network topology can vary from bus to mesh yet the Security Consultant could provide you with in depth recommendation on how to secure the network. He/she not only has the fundamentals, but is an expert in breeding a Security Analyst.

IMHO, this guy, this guy and my good friend Mr. Gigco are worthy Security Consultants. I've seen what these people can do. I strongly believe they can be approached by anyone regarding building a secured network and trust me they will live up to the task.

p.s - a person taking down minutes of a meeting, generating automatic report, ordering food and typing letters is known as a clerk. You don't need to be a rocket scientist to know that.

Friday, February 1, 2008

Back to business

Hehehe...i can come back to blogging now. Wanted to become an active blogger but certain restrictions had prevented me from doing so. However, i'm now free of those constraints and have now purchased the freedom of speech....muahahahaha.

For a starter, let me tell you about a friend of mine who recently quit his job with his company. I met him for tea this evening and we had a rather long chat till late evening. Among the discussed topics was the resignation rate in his company. It seems that many of the employees started to resign recently; to be more precise since middle of last year. The latest loss was my friend. I've known this friend for a very long time and he is well known for his dedication towards the tasks given to him. He is hardworking and always eager to learn. Yet why did he resign? So i asked him why the resignation rate in his company was at such an alarming rate. He answered, "When the company gives you shit, shit is what the company will get back". Whoa! Why such an answer? He must be really disappointed. Well....i don't know.