The Lazy Genius

Open Call for Audtions

Xavier Ashe — Mon, 12 May 2008 23:31:00 -0400

DigiTribe Productions, LLC (Geekin', After, The Statement of Randolph Carter) is pleased to announce open auditions for our newest feature film project, currently known as "The $1,000 Feature".

The Project: Our goal is to push ourselves to our creative limits and create an entire 90-minute feature film for exactly $1,000. We will be keeping an open production diary throughout filming and publishing the budget as the money dwindles away. The film itself is a dark, violent drama about one man's quest to save a friend. For more information on the 1KF, please check out our website -- www.digitribe.net
Due to the ultra-low budget nature of the film - compensation will be limited to meals, credit & copy.

Characters: Most, but not all, roles are for early 20's to mid 30's, male and female. Further information on roles can be found at: http://www.digitribe.net/projects/1kfeature/audition/roles

When and Where: Auditions will be held Saturday, May 24th from 11:00 AM to 4:00 PM at Eyedrum, located at 290 MLK Jr. Drive, Suite 8, Atlanta, 30312. Performers will be seen on a first come - first served basis.

RSVP: Headshots and resumes will be accepted in advance and can be sent to 1kf-auditions@digitribe.net or PO Box 42 Jonesboro, GA 30237.
Some performers who pre-submit a headshot & resume may be selected for the Priority List. These performers will be notified by email, and will be sent to the head of the line when they arrive at the audition.

You need a Mercedes Benz

Xavier Ashe — Thu, 20 Mar 2008 23:05:00 -0400

I am selling my Benz. Who wants it? $500 off the edmunds.com price by mentioning this blog.

2003 MERCEDES C320
Price:$18,268
Mileage:77,129
Color:Black
Doors:4
Features:
Air Bag, Air Conditioning, Anti-Lock Brakes, CD player, Heated Seats, Leather Interior, Power Seats, Power Steering, Power Windows, Security Features, Side Impact Air Bags, Sunroof, Traction Control

Additional Comments:
This car has served me well, but I am getting married and need to get a bigger car (more kids!). It is priced to move. It's in near perfect condition. This is a very fun drive. Give us a call to schedule a test drive any time (we work from home). More details: AM/FM Stereo; Multi-CD Changer; Cassette; Premium Audio System (Bose); 4-Wheel Anti-Lock Brakes; Dual Control Air Conditioning; Alloy Wheels; Cruise Control; Front And Rear Head Air Bags; Rear Window Defroster; Power Seats; Leather Seats; Power Door Locks; Power Heated Mirrors; Power Windows; Power Steering; Front And Rear Side Air Bags; Sunroof/Moonroof; Tinted Glass; Power Tilt Wheel; Bucket Seats; Fog Lights; Lighted Entry System; Automatic Climate Control; Memory Driver And Passenger Seats; Power Telescopic Steering Wheel; Clock; Trip Computer; Stability Control; Anti-Theft Alarm System; Rear Bench Seat; Remote Trunk Release; Leather Steering Wheel Trim; Center Console; Garage Door Opener; Keyless Entry System; Wood Interior Trim; 16 Inch Wheels; 3.2L V6 SOHC 18V FI Engine; Tachometer; Traction Control; Audio Steering Wheel Controls; Leather Shift Knob Trim; Intermittent Wipers; Daytime Running Lights; Turn Signal Mirrors Contact Xavier Ashe 404-229-8905, xashe@digitribe.net

New IBM Redbook - Deployment Guide Series: IBM Tivoli Compliance Insight Manager

Xavier Ashe — Tue, 19 Feb 2008 11:03:00 -0500

In order to comply with government and industry regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley, and COBIT, enterprises have to constantly detect, validate, and report unauthorized change and out-of-compliance actions on their IT infrastructure.

The Tivoli Compliance Insight Manager v8.0 solution allows organizations to improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and a full set of audit and compliance reporting.

We discuss the business context of security audit and compliance software for organizations, and we show a typical deployment within a business scenario.

This is the second IBM Redbook covering IBM Tivoli Compliance Insight Manager - the first book being the Compliance Management Design Guide with IBM Tivoli Compliance Insight Manager, SG24-7530.

This IBM Redbooks publication is a valuable resource for security officers, administrators, and architects who wish to understand and deploy a centralized security audit and compliance solution.

Download the Deployment Guide Series: IBM Tivoli Compliance Insight Manager
Publish Date: February 15, 2008 ISBN Number: 0738485705

More feedback about IBM Security

Xavier Ashe — Sat, 03 Nov 2007 12:32:00 -0400

I am getting word if more and more coverage on these announcements that IBM made on Thursday. Here are a few excerpts from new stories:

Investor's Business Daily: "It's an extremely ambitious strategy but also one that plays well to some of the company's fundamental strengths," said analyst Charles King, of research firm Pund-IT, whose clients include IBM. It "does very well at developing end-to-end solutions and its view of enterprise IT is quite sweeping in comparison to some of its competitors."

eWEEK: "We've been seeing the security market itself lurch form headline to headline, and customers in particular need to stop thinking about their strategy in terms of the latest crisis," said Lovejoy. "We're trying to elevate risk management above other security conversation; starting with PCI fits that mold well, because it dovetails with this concept of starting with a risk management plan."

Investor's Business Daily: "The more we engage with our clients, the more it becomes clear that security as it has been until now is broken," said Val Rahmani, general manager of infrastructure management services for IBM Global Technology Services. "Many clients have 32 different vendors doing security for them. Who can manage 32 different vendors doing related aspects of the same thing?"

InfoWorld: "[IBM is] in a position that few others in IT can match or challenge when it comes to having a fairly complete story across multiple aspects of enterprise IT and systems integration—but security had long been an obvious gap in that story," said Scott Crawford, an analyst with Enterprise Management Associates. "What they are pushing towards with this announcement is a strategy that takes a more comprehensive approach to security across multiple fronts. With the rise of focus on a more strategic approach to GRC, I would expect more vendors to take a more strategic approach to the IT security and risk management market," he continued. "This is an example of a company that can take on such an initiative with more credibility than many."

And we also have some video and radio coverage:

Bloomberg
NBC (18 Clips)
ABC (14 Clips)
WCBS (radio):

IBM Security, a good place to be right now!

Xavier Ashe — Thu, 01 Nov 2007 15:40:00 -0400

NYTimes.com - IBM Plans Major Security Initiative
Bloomberg - IBM Plans to Spend $1.5B to Help Customers Secure Data
ZDNet - IBM touts enterprises free of fear and $1.5B security spend
SearchSecurity.com - IBM to boost security spending, push PCI DSS program
Internetnews.com - IBM: Security Is Our Brand
HardOCP - IBM Announces End-to-End Solution for PCI Compliance

Just to name a few... So, yeah, I've been busy. I am now working on both Tivoli Security Operations Manager (TSOM) and Tivoli Compliance Insight Manager (TCIM). These products work very well together in what is dubbed "The IBM SIEM Solution". The articles above speak of Tivoli and Watchfire (part of the Rational brand) in Software Group and ISS in Global Technology Services. So the $1.5B will be spread around a bit.

The comforting thing is that IBM is making a significant investment into allowing it's recent acquisitions (Consul, Micromuse, ISS, Watchfire) work together to meet the customer's needs. No longer will people doubt me when I say "I'm a security guy" and "I work for IBM" together.

Here's the official press releases:

This security boy got religion!

Xavier Ashe — Wed, 23 May 2007 23:20:00 -0400

Hello to all you security geeks out there. This is just a quick note to let you know I have another blog that I just started. I just joined the Unitarian Universalist Congregation of Atlanta (UUCA) and wanted to write up some of my spiritual perspectives. So if any one is interested, the name of the new blog is Gnu UU. See... I may have went and got all holy and stuff... but I'm still a geek. Look for continual erratic updates to this blog. Thanks to all my readers, keep the emails coming, but feel free to comment every know and then too!

This is just too much fun...

Xavier Ashe — Fri, 04 May 2007 15:39:00 -0400

[15:21] olgafun01: Hello,How are you doing?
[15:21] me: good
[15:22] olgafun01: Okay
[15:22] olgafun01: Can you still help me
[15:22] olgafun01: ?
[15:25] me: help you?
[15:26] olgafun01: Yeah
[15:26] olgafun01: I told you before that i wanna clear my goods down there in African and i need your help
[15:26] olgafun01: By given me some money to clear the goods out of threre and get it sell and after bthat i gonna pay you back as soon as i get the mony paid from him
[15:27] me: sure, how much are we talking about?
[15:28] olgafun01: $750
[15:28] me: no problem, send me your account number and routing number and I'll get it to you
[15:31] olgafun01: Okay
[15:31] olgafun01: But i dont have that
[15:32] olgafun01: Dont need of account number for now.you gonna make the payment through western union
[15:34] Meebo Message: olgafun01 is offline

It's nice to be entertained every now and then. I can't believe the persistence.

Scammers don't know when to quit

Xavier Ashe — Wed, 18 Apr 2007 14:42:00 -0400

Except when you mention the FBI:

[13:53] olgafun01: How are you doing?
[13:53] olgafun01: Hello
[13:53] olgafun01: Buzz!!
[13:54] me: Ever get back to the US?
[13:55] olgafun01: Yeah
[13:55] me: Good, what city is it that you live in again?
[13:56] olgafun01: Am still in UK
[13:56] me: So are you in the US or the UK?
[13:57] olgafun01: UK now
[13:58] olgafun01: But i wish to get to you before next 2 weeks okay
[13:58] me: okay... You live in Atlanta right?
[13:59] olgafun01: Nop
[13:59] me: where do you live?
[13:59] olgafun01: I live in Clarksville TN
[13:59] olgafun01: That is where am really from
[13:59] olgafun01: And you?
[13:59] me: oh yeah, that's right. So whatcha doing in the UK?
[14:00] olgafun01: I tolld you before that i wnet to UK for some project
[14:01] olgafun01: U there?
[14:02] me: What is that you do for a living?
[14:02] olgafun01: I work as an interior Decorator / computer Consultant for interior/remodelling companies....
[14:02] me: sounds fun.
[14:03] olgafun01: Ohh yeah
[14:03] olgafun01: What do you do too?
[14:04] me: Internet Fraud Investigations
[14:04] olgafun01: Okay
[14:05] olgafun01: So where are you?
[14:05] olgafun01: Tell me what you really do for you living?
[14:05] olgafun01: Coz that is not wor
[14:05] olgafun01: work
[14:06] me: yes it is. this is part of work I do: http://www-935.ibm.com/services/us/index.wss/summary/imc/a1026055?cntxt=a1000451
[14:07] olgafun01: Okay
[14:08] me: But I am more on the consulting side. I go help companies track down the bad guys
[14:08] olgafun01: Okay
[14:08] olgafun01: That is a good work
[14:08] me: yeah.. it's fun. I get to work with the FBI alot.
[14:08] olgafun01: Brb please

She may be back, but it's been about 45 minutes. I think she might be a bit scared now. We'll see.

Preparing for Security Event Mangement

Xavier Ashe — Mon, 09 Apr 2007 12:23:00 -0400

Ahh, finally a topic near and dear to my heart, Security Event Management (SEM). Well, at least it's near and dear to my paycheck. The whitepaper (PDF) is released by Three Sixty Information Security, a security consulting firm based in London. It covers what is SEM, and how to prepare for it. Since most the work I do right now is post sales, I usually miss the opportunity to promote this level of planning. So to all the future customers of TSOM: read this paper and give some good though to planning. More often than not, the database that is created by TSOM (and any SEM for that matter) is one of the largest databases a company will manage. But planning for a large database is only part of the story. And I thank Three Sixty Information Security for putting together a decent whitepaper helping future customers.

Oracle Scripts

Xavier Ashe — Mon, 09 Apr 2007 11:35:00 -0400

IBM Tivoli Security Operations Manager (TSOM) supports two databases, Mysql and Oracle. Mysql has many resources that are free and easy to use online. Oracle, however, is a bit more challenging. As a product consultant I am tuning databases as often as I am working with TSOM. Unfortunately, I am not a DBA. I am nearly a MSDBA, but never finished taking all the tests required. So working with Oracle has been fun. Today I came across a collection of oracle scripts posted by Pentest Limited (a UK based security firm). These are probably easy as cake for Oracle DBAs, but will help me immense in the field. Also posted on their downloads page is BTScanner:

BTScanner for XP is a Bluetooth environment auditing tool for Microsoft Windows XP, implemented using the bluecove libraries (an open source implementation of the JSR-82 Bluetooth API for Java).

Requirements : Windows XP Service Pack 2 with a Microsoft Windows supported Bluetooth driver. This will not work with the WIDCOMM Bluetooth stack.

Scammers on Yahoo Personals

Xavier Ashe — Mon, 02 Apr 2007 09:53:00 -0400

I posted about my fun on True.com, where the company itself was attempting to scam me. Now it seems I found that Nigerian scammers have moved to Yahoo Personals. This was the third time this has happened in about a week. All of the the "girls" involved had their profiles deleted days after emailing me. They all had full profiles and seem like real people. Who happen to be stuck in Nigeria. One needed some cash to pay the hotel phone bill. One needed cash for transportation to the American Embassy. One clue is the "Buzz!!" that happens when I am IMing these folks. It happen with a previous chat too. Here's an older chat:

[17:40] me: hello... you there?
[17:40] marybabie112: How have you been
[17:40] marybabie112: i know you forgetten about me
[17:40] marybabie112: i will be trying to talk to you but know response
[17:41] me: just been busy... how have you been?
[17:42] me: did you remove your profile from yahoo?
[17:42] marybabie112: yes cos i have you
[17:43] me: ?? You have me?
[17:44] marybabie112: YES
[17:44] marybabie112: cos since started talking to you i feel butterfly in my stomach
[17:49] marybabie112: do you think will have anything in common
[17:49] me: if you want you give me a call at xxx-xxx-xxxx
[17:50] me: I hope so ;)
[17:50] marybabie112: They dont allow me to used the hotel phone anymore cos the money am oweing them
[17:51] me: hotel? Where are you at?
[17:51] marybabie112: Nigeria , Summit Hotel
[17:52] me: oh... well it's kinda hard to go out for drinks with you still out there. When will you be back in town?
[17:53] marybabie112: i dont know yet cos i dont have the money to pay them
[17:53] me: riiiight. So, email when you're back in town. Then we can chat.
[17:54] marybabie112: Okay

And here's the chat I had this morning.

[07:43] olgafun01: Hello
[07:43] olgafun01: How are you doing today?\
[07:43] me: good morning
[07:44] olgafun01: Good morning to you too
[07:44] olgafun01: How is everything over there?
[07:45] me: good. just getting up and going. Excuse my faulty memory, but who is this?
[07:47] olgafun01: This is Olga from US TN
[07:47] olgafun01: Do you know where you meet me?
[07:48] me: No, I'm sorry. Where did we meet?
[07:49] olgafun01: Arer you on Fling?
[07:49] me: no
[07:49] me: what is fling?
[07:50] olgafun01: Did you know me?My name is Olga from Clarksville TN and i know you know me from some site
[07:51] me: Prehaps Yahoo personals?
[07:51] olgafun01: Yeah you got it right?
[07:52] me: cool, can you send me a link to your profile?
[07:53] olgafun01: Well i have not finish my profile but i can tell you about me and where am from?
[07:53] olgafun01: Okay
[07:54] me: Sure, but how did we meet on yahoo personals if you don't have a profile there?
[07:58] olgafun01: Well i just search on only you
[07:58] olgafun01: Coz i love your profile
[07:59] me: ah. Well, thank you. Why are you looking for folks in Atlanta? Planning on coming down?
[08:00] olgafun01: Ohh coz i love the way you put your profile and i wish to know you better than this and i know when you get online everything wil gonna be alright for me to see you in person
[08:00] olgafun01: Coz i have been hurt before and am still looking for man who can be with me for ever and ever
[08:02] me: I'm not one for online romances. I don't mind chatting every now and then, but I am not online enough. I'd rather just meet in person. I think you can discover a lot more about a person that way.
[08:03] olgafun01: WHere are you?
[08:03] olgafun01: Talk to me
[08:03] olgafun01: Ohh Yeah
[08:03] olgafun01: But where can i get uyou and knmow ou very well?
[08:03] olgafun01: Or can will talk here better before knowing each othedr
[08:03] olgafun01: Other
[08:04] me: I have to get breakfast on. Be back in a bit.
[08:04] olgafun01: Okay
[08:04] olgafun01: Or can you mail me and tell me a lil about you so i can reply you and tell you about myself too
[08:07] olgafun01: Buzz!!
[08:27] me: No, thank you. I am not looking for an online/remote relationship. If you are in Atlanta and would like to meet, let me know.
[08:27] olgafun01: Are you back?
[08:28] me: yes
[08:28] olgafun01: Ohh is that why you keep your self there righht
[08:28] me: huh?
[08:28] olgafun01: Yeah
[08:30] olgafun01: Arer you there?
[08:31] olgafun01: Well let talk about how will gonna meet each other
[08:32] me: Sure... When is the next time you will be in Atlanta?
[08:32] olgafun01: I don't Have any business there right now
[08:33] olgafun01: But i can get there to meet my Mr. Right
[08:34] me: This weekend I am busy. But I have a flexible work schedule. If you wanted to come down during the week, I can make time for lunch or drinks.
[08:35] olgafun01: Really?
[08:35] me: sure
[08:37] olgafun01: Ever since I joined yahoo personals, I have always wanted to meet someone like you with so much care and respect for woman feelings I'm looking for serious relationship
[08:38] me: Thanks. So when do you think we can meet?
[08:38] olgafun01: Just that my heart is on fire at the moment
[08:38] olgafun01: i want to be there, just that i am froze up here right now
[08:40] olgafun01: Well i am a bussines person, forget to tell you that
[08:40] me: too bad. I don't have the flexibility for a road trip myself. Just ping me when you think you can make it down.
[08:40] me: That's cool.
[08:40] olgafun01: I am here in Nigeria for the first time
[08:41] olgafun01: it is not what you think ?
[08:41] me: riiight, what happen to clarksville?
[08:41] olgafun01: I have neve been here since i was introduce to this business 4 yrs ago and i have been to many places in Europe and in Austria
[08:42] me: sounds fun. Like I said, I'm not looking for a remote relationship right now.
[08:43] olgafun01: Can you imagine kind of bullshit i got myself into... Have been stranded here since Four Days
[08:46] olgafun01: I lost both parent. My only brother i depend on he's is into drugs life been adicted to it, he doesnt care about me, If not i would have just ask for help from my parent or my brother. But now, that i don't have them i think you are all i have now
[08:46] olgafun01: Buzz!!
[08:47] me: you are in some bad shape if you are asking a perfect stranger for some help. But unfortunately, you are the third girl that I have met online that is stuck in Nigeria. Sounds like an epidemic.
[08:53] olgafun01: I was here to clear some computer from Czech. But, Unfortunately when i get here i was sick and i use the money i have on me to get Treatment in the Hospital and now all i need is You to help me with some money so that i can clear the Goods. I promise to pay back as soon as i deliver the Goods and get payment from my Client. I will be very very gratefull if you can help me with the Clearance Fee so that i can get Goods cleared and return and come back to you
[08:53] olgafun01: Oh yes i know about so many scam here in nigeria i wouldn'y lie to you
[08:53] me: heh.... of course you wouldn't.
[08:53] olgafun01: Just please try and help me, I know for now i am a stranfer to you but i am very sure later you will klnoe me more than i know myself
[08:54] me: well, good luck with that.
[08:54] olgafun01: please kindly help me out..I'm not just looking for financial support only, I'm looking for something meaningful and lasting
[08:54] olgafun01: Just please try and understand why i need you to do this for me
[08:54] me: ha, thanks for the entertainment this morning.
[08:55] olgafun01: I know it is hard to trust me but i just want you to please try and help me please
[08:55] olgafun01: OKay

EDIT. HA! She came back later the same day.

[11:51] olgafun01: Hello
[11:51] olgafun01: How are you doing am back
[11:51] olgafun01: I know you can't do nd help me but let talk about how will gonna meet each other okay
[11:52] olgafun01: Buzz!!
[11:52] olgafun01: Buzz!!
[12:06] me: Just ping me when you get back in town.
[12:06] olgafun01: Okay..But try to understand me well okay
[12:07] olgafun01: Am in the state right now but i need to clear my goods in Nigeria coz the costom sieze my goods here and tell me to pay for the Good
[12:07] me: "[08:40] olgafun01: I am here in Nigeria for the first time"
[12:07] olgafun01: Goods and i dont have enough money with me all i have here is just $600
[12:08] olgafun01: I jst did an mistake
[12:08] me: yup
[12:08] olgafun01: COz am so sad and i dont know what to do and what to talk about okay
[12:08] olgafun01: Am sorry
[12:09] me: right...
[12:09] me: http://blog.xavier.ashe.com/blog/_archives/2007/4/2/2853018.html
[12:10] olgafun01: I know you can't trust me
[12:10] olgafun01: But just try to believe me that i can't do something to make you be unhappy to me
[12:11] olgafun01: Coz i really wanna meet you and know you very well that is why i just read all what i write and i see tht i did an mistake there
[12:11] olgafun01: Am sorry for that
[12:12] me: are you marybabie112 too?
[12:12] olgafun01: Nop,
[12:12] olgafun01: My real name is Olga and am from TN \
[12:12] olgafun01: Nop that is not my name
[12:12] olgafun01: I told you am in the state right now
[12:13] me: Well, when you are Atlanta, I will meet you for drinks. Then you can try to scam me to my face, until then I have to get back to work.
[12:13] olgafun01: Ohh is that what you think about me?
[12:13] olgafun01: ohh that is not right
[12:14] olgafun01: Coz am for real\
[12:14] me: then I'll be proved wrong when we meet
[12:14] olgafun01: Okay
[12:15] olgafun01: But try to help me for the goods clearase
[12:15] me: HA! You are unbelievable!
[12:16] olgafun01: Ohhh is that right
[12:17] olgafun01: I know that coz the mistake i did before that is what make you say that to me
[12:17] me: you should read http://www.stop-scammers.com/forum/default.asp?CAT_ID=6
[12:17] olgafun01: That is why isay i can't trust any one in here again
[12:17] olgafun01: They always breaking my heart
[12:19] olgafun01: So you are one of them
[12:19] olgafun01: Well i promise to come to you
[12:19] olgafun01: And i knwo you gonna do this for me to make me happy
[12:20] me: I'll believe it when I meet you. Until then, you can stop trying to get any money out of me.
[12:21] olgafun01: Yeah that is when i meet you okay
[12:21] olgafun01: Well please try to trust me and help me to clear the good
[12:22] olgafun01: So i can be able to sell it here and get the money so i can be able to get over to you soon
[12:22] olgafun01: Okay
[12:22] olgafun01: I promise you that
[12:22] me: STOP TRYING TO GET MONEY FROM ME. You are barking up the wrong tree.
[12:23] olgafun01: Ohh Okay
[12:23] olgafun01: Will you help me for something
[12:23] olgafun01: Do you know how much am asking from you?
[12:23] me: it doesn't matter
[12:24] olgafun01: I know that
[12:24] olgafun01: But just try to believe me very well than thjis
[12:24] olgafun01: Can you talk to my client right here
[12:25] olgafun01: Buzz!!
[12:26] me: no
[12:26] olgafun01: WHy?
[12:26] olgafun01: Hello
[12:26] olgafun01: Talk to me
[12:27] me: what else do you want to know. Yes, I would love to meet you. No, you are not scamming me out of any money. Yes, i am at work and am very busy.
[12:27] olgafun01: Ohh okay
[12:28] olgafun01: When you are not busy please talk to me so will can know how wil gonna meet okay
[12:28] olgafun01: Bye
[12:28] olgafun01: Buzz!!

Unbelievable. But I guess people fall for it or they would keep doing it.

After - A new Short Film from Digitribe Productions

Xavier Ashe — Wed, 31 Jan 2007 08:32:00 -0500

I am very happy to announce a new short filmed released by Digitribe Productions, After. For the first time, see the zombie outbreak through the eyes of the undead. I worked on the film as an associate producer. You can see the full film online. This was lot of fun to make. After was written by and produced from the same people who brought you Geekin'. Please let us know what you think. We have started work on our new film, but I cannot discuss the details until it gets further along.

Very Busy Week

Xavier Ashe — Sun, 21 Jan 2007 14:23:00 -0500

It's been a crazy busy week at a client site with no internet connectivity. Gotta love those air gapped networks! Anyway... the post will resume shortly. Thanks for all your emails! In the meantime, many of you in security will find the picture familiar:

Telecom Security Solution introduced to Asia Pacific

Xavier Ashe — Thu, 21 Dec 2006 11:20:00 -0500

The blog has been a bit quiet lately. I have been working on a new solution that was announced at the beginning of the month. The security concerns of telecoms and data carriers has changed a bit. The thing I used to hear was "I only want to know about the attacks on my customers, everything else we can ignore." The attacks that when from one peer AS to another was of little concern. But the attitude is changing now that these carriers are depending of their core transport for more and more revenue streams. Mobile broadband to phones and laptops, VOIP, video, the emergence of WiMAX, and other new technologies are pushing the big carriers to rethink their security responsibility.

So a few months ago I was tapped to design what we dubbed as "Security in the Cloud". We needed a way to detect, manage, and mitigate security threats in the core transport of telecoms and data carriers. What we did was talked with a few customers to figure out what was needed to step up to the challenge. What came out of that was a collaboration of existing Tivoli software and the technology from an IBM partner, Narus. Narus has some great detection technology for finding real threats within the massive amounts of data traversing the core backbone. Then IBM Tivoli Security Operations Manager (TSOM) takes the Narus alert data and correlates it with existing security detection technologies to get more out of the alert data from Narus. Then the correlated security events get passed to IBM Tivoli Netcool to be correlated and displayed along side performance and availability data. The integration and flexibility of this solution is due to the IBM BladeCenter HT servers that makes it easy to scale to meet the demands of the Telecoms. This combination of data allows carriers to detect and mitigate threats before they affect the performance of their network.

This solution was first introduced to the world at the ITU Telecom World in Hong Kong. As a result of the pre-event and onsite media activities, IBM media relations teams have delivered in excess of 100 articles online and in print to date, with more articles expected in Hong Kong and mainland China. The mainland China media alone have published 59 articles on our announcements at ITU to date. Our announcements were picked up by more than 150 different news sites globally. Here's just a few of the mentions of the solution:

Computer World Hong Kong - "ITU : Vendors roll out telco wares at ITU"
InfoWorld - "IBM aims security bundle, new blade at telecom space"
LighReading - "IBM Touts Telco Systems"
eWeek - "IBM and Narus Offer Telecom Security Package"

The development continues as we refine our offering to meet customer needs. It's been a fun project and happy to see it making sense for so many customers.

EDIT: Just found out that IBM is now a member of the WiMAX Forum.

I'm Back

Xavier Ashe — Mon, 25 Sep 2006 13:55:00 -0400

The previous project kept me away from the blog, but expect it to pick up pace now that's over. I am taking a week of vacation to move into a new place and will have some time to catch up on all my web reading. Just wanted to say that the blog's not dead... just asleep for a few weeks. Here's a picture to show how hard this project was:

Yeah... this job's tough!

Labor Day fun

Xavier Ashe — Sun, 03 Sep 2006 21:30:00 -0400

I will be onsite at a client for the next few weeks, so there's no telling how much I will be able to post. Here's a nice geeky comic to pass the time:

This is from kxcd, "A webcomic of romance, sarcasm, math and langauge".

Who would win in a fight - Capt. Morgan vs Capt. Kirk?

Xavier Ashe — Tue, 08 Aug 2006 14:02:00 -0400

How readable is your site?

Xavier Ashe — Wed, 02 Aug 2006 17:11:00 -0400

This service analyses the readability of all rendered content. Unfortunately, this will include navigation items, and other short items of content that do not make up the part of the page that is intended to be the subject of the readability test. These items are likely to skew the results. The difference will be minimal in situations where the copy content is much larger than the navigation items, but documents with little content but lots of navigation items will return results that aren't correct.

The Readablity Test by Juicy Studio. Here are my results:

Reading Level Results
Summary	Value
Total sentences	926
Total words	5261
Average words per Sentence	5.68
Words with 1 Syllable	3039
Words with 2 Syllables	1154
Words with 3 Syllables	640
Words with 4 or more Syllables	428
Percentage of word with three or more syllables	20.30%
Average Syllables per Word	1.71
Gunning Fog Index	10.39
Flesch Reading Ease	56.68
Flesch-Kincaid Grade	6.76

That puts me somewhere in between Time, Newsweek, and the Wall Street Journal.

Power Industry Security Standard Details

Xavier Ashe — Wed, 02 Aug 2006 14:10:00 -0400

I found the details for the new security standard for the power industry. Below are the 8 new standards that are effective June 1st, 2006. Please see the Implementation Plan for complete list of dates for compliance with the requirements. NERC will be holding Cyber Security Standard Workshops throughout North America for the next few months. Check the PDF announcement for details on when it will be held in your city.

Click the links below for the actual text of the security standard.

CIP-002-1: Critical Cyber Asset Identification

Risk based Asset classification. A required first step so that you know how to apply the other requirements

CIP-003-1: Security Management Controls

People and Policy, gotta catch them all

CIP-004-1: Personnel & Training

Awareness program, Training, Personnel background checks, and access lists

CIP-005-1: Electronic Security Perimeter(s)

"identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter"

CIP-006-1: Physical Security of Critical Cyber Assets

Monitor and log physical access

CIP-007-1: Systems Security Management

Methods, Process, and procedure

CIP-008-1: Incident Reporting and Response Planning

"identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets"

CIP-009-1: Recovery Plans for Critical Cyber Assets

BCP and DR

I really like the layout of this standard. It not only lists the requirements, but the measures (what the auditor expects to see), auditing schedule, data retention, and non-compliance levels. It's not an all or nothing game with this one, you have well defined levels of non-compliance. Both CIP-005 and CIP-007 look very interesting, so I dove in. These are just the high level requirements, check the PDF for all the details.

CIP-005:
    R1. Electronic Security Perimeter — The Responsible Entity shall ensure that every Critical Cyber Asset resides within an Electronic Security Perimeter. The Responsible Entity shall identify and document the Electronic Security Perimeter(s) and all access points to the perimeter(s).
    R2. Electronic Access Controls — The Responsible Entity shall implement and document the organizational processes and technical and procedural mechanisms for control of electronic access at all electronic access points to the Electronic Security Perimeter(s).
    R3. Monitoring Electronic Access — The Responsible Entity shall implement and document an electronic or manual process(es) for monitoring and logging access at access points to the Electronic Security Perimeter(s) twenty-four hours a day, seven days a week.
    R4. Cyber Vulnerability Assessment — The Responsible Entity shall perform a cyber vulnerability assessment of the electronic access points to the Electronic Security Perimeter(s) at least annually.
    R5. Documentation Review and Maintenance — The Responsible Entity shall review, update, and maintain all documentation to support compliance with the requirements of Standard CIP-005.

CIP-007:
    R1. Test Procedures — The Responsible Entity shall ensure that new Cyber Assets and significant changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely affect existing cyber security controls.
    R2. Ports and Services — The Responsible Entity shall establish and document a process to ensure that only those ports and services required for normal and emergency operations are enabled.
    R3. Security Patch Management — The Responsible Entity, either separately or as a component of the documented configuration management process specified in CIP-003 Requirement R6, shall establish and document a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter(s).
    R4. Malicious Software Prevention — The Responsible Entity shall use anti-virus software and other malicious software (“malware”) prevention tools, where technically feasible, to detect, prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all Cyber Assets within the Electronic Security Perimeter(s).
    R5. Account Management — The Responsible Entity shall establish, implement, and document technical and procedural controls that enforce access authentication of, and accountability for, all user activity, and that minimize the risk of unauthorized system access.
    R6. Security Status Monitoring — The Responsible Entity shall ensure that all Cyber Assets within the Electronic Security Perimeter, as technically feasible, implement automated tools or organizational process controls to monitor system events that are related to cyber security.
    R7. Disposal or Redeployment — The Responsible Entity shall establish formal methods, processes, and procedures for disposal or redeployment of Cyber Assets within the Electronic Security Perimeter(s) as identified and documented in Standard CIP-005.
    R8. Cyber Vulnerability Assessment — The Responsible Entity shall perform a cyber vulnerability assessment of all Cyber Assets within the Electronic Security Perimeter at least annually.

Looks fun! Another security regulation to comply to.... Can you Digg it?

Chat With Me!

Xavier Ashe — Wed, 02 Aug 2006 10:41:00 -0400

When I go onto a customer site to do security consulting, I don't want to have my laptop connecting to IM, Skype, or anything that is security or policy issue. That's the last thing I want to have red lights go of on an IDS and trace it back to my laptop. So I use Meebo instead. It's an ajax/web 2.0 IM that's just great. No install, and the IDS sees only web traffic. Today they released a flash widget that allow you to chat with me in real time. If you want to add your own widget, go to MeeboMe and get set up. I've posted it to the right ---->

So feel free to bug me when I am online. Call me names, tell me how ugly I am, complain about a story, ask me to marry you.... I'm all ears... er... fingers?

Google doesn't like security sites!

Xavier Ashe — Thu, 27 Jul 2006 08:32:00 -0400

I decided to create some Google Ads to drive some addtional traffic to the site. After a few days of the ads running, Google suspended my account.

Hello,

Thank you for advertising with Google AdWords. After reviewing your account, we've found that one or more of your ads or keywords does not meet our guidelines. You can see your disapproved ad(s), the reason for disapproval, and editorial suggestions, from the Disapproved Ads page within your account.

Wells that's not very nice. I logged on to my Google AdWord account and found out the following:

At this time, Google policy does not permit the advertisement of websites that contain "hacking or cracking". As noted in our advertising terms and conditions, we reserve the right to exercise editorial discretion when it comes to the advertising we accept on our site.

Has anyone else had problems like this?

Response from the Governor

Xavier Ashe — Tue, 25 Jul 2006 19:00:00 -0400

As you may recall, I wrote the governor of Georgia on April 24, 2006 to protest HB1259. That was the bill that would have made it a felony to practice computer forensics without a PI license. Governor Sonny Perdue vetoed that bill on May 5, 2006. His office just now replied to my message. Better late than never.

Dear Mr. Ashe:

Thank you for contacting my office regarding House Bill 1259, recently considered by the 2006 Georgia General Assembly. I appreciate knowing how you stand on this issue and regret the
delay in my response to your message.

The existing definition of "private detective business," continued in this bill, in conjunction with the applicable exemptions in the law, fails to exclude from the private investigator licensing requirement many professions that collect information or may be called as expert witnesses in court proceedings. To expand the penalty from a misdemeanor to a felony without revision of the existing definitions in the law could result in unintended consequences, therefore I vetoed House Bill
1259 on May 5, 2006.

Thank you again for writing and for your participation in our democratic process.

TSOM In the spotlight

Xavier Ashe — Fri, 14 Jul 2006 15:29:00 -0400

As of July 1st, IBM and Micromuse completed Transfer of Trade. That was the last big step in making Micromuse part of IBM worldwide. Since then, the publicity for IBM Tivoli Security Operations Manager (TSOM) has taken off. Here are a few of the the posts from the various publications. Its really amazing to see the tool I help implement get so much press. I think I am going to get real busy, real soon.

IBM unveils security management software - NetworkWorld.com:

"In some enterprise companies, IT shops handle security and management hand in hand," says Paul Stamp, a senior analyst with Forrester Research. "This type of product helps that type of mature organization deal with security incidents in the same way and with the same processes as it would other incidents and operational events."

IBM Gives Micromuse Assets The Tivoli Touch - InternetNews.com:

Designed for businesses with heavy computer data traffic, IBM Tivoli Security Operations Manager protects networks by proactively detecting and neutralizing security threats as they happen rather than after the system is harmed. The software analyzes the security data and prioritizes security incidents in real time, cutting a company's response time from minutes to milliseconds.

Asia poised for service management growth - ZDNet Asia:

Key to plugging IBM's gaps in ITSM is its five acquisitions made after it first unveiled its strategy. Zollar noted that among these acquisitions, the most significant is Micromuse.

IBM this week unveiled a new security offering under its ITSM portfolio that automates security data collection and analysis across an organization's IT infrastructure. The Tivoli Security Operations Manager is IBM's first integrated product following the Micromuse acquisition, which was completed in February this year. The new product taps user account and access information from existing products Tivoli Identity Manager and Tivoli Access Manager, to enforce security policies and snuff out insider threat.

IBM Releases Security Tool To Fight Denial Of Service Attacks, Worms - Network Pipeline, Bizintelligece Pipline (link), CRN (link), ChannelWeb (link)

IBM Tivoli Security Operations Manager, announced yesterday, automates security data collection and analysis, presenting incident warnings in a real-time dashboard. By integrating network, security, identity and systems management in a single, centralized interface, it enables organizations to respond immediately to security threats originating both outside and within the network.

IBM Releases Tivoli Security Operations Manager - SDA Asia, SDA India (link)

The new IBM software automates how security data is collected and analysed across an IT infrastructure and prioritizes security incidents via a real-time dashboard. This cuts a company's response time from minutes to milliseconds and can make it less expensive for IT outsourcers, ISPs and corporations to maintain secure, available networks.

IBM Unveils New Software - Dark Reading

The new software -- IBM Tivoli Security Operations Manager -- will be the company's first product to incorporate technology from IBM's acquisition of Micromuse, and comes only five months after the acquisition closed in February 2006. The software expands on the capabilities of the Neusecure product, which was recently positioned in the leaders quadrant in the Gartner Magic Quadrant for Security Information and Event Management.

New IBM Software Delivers Real-Time Security Across Computer Networks - ARC Advisory Group

IBM announced new security software that helps corporate IT departments, telecom service providers and IT outsourcing companies keep their computer networks and systems up and running despite security attacks by malicious outsiders, employees or contractors. The software secures networks by automatically detecting and managing security threats as they happen, rather than after the damage is done.

NetCool/NeuSecure is now IBM Tivoli Security Operations Manager

Xavier Ashe — Fri, 07 Jul 2006 09:29:00 -0400

With the release of version 3.1, we have changed the name of the SEIM product NeuSecure to IBM Tivoli Security Operations Manager. This name change reflects the true scope of the product, automating the entire workflow in your security operations. While we still are the industry leading Security Event and Information Manager (SEIM), we also have tools for Host Investigation, Incident Response, and Forensic Analysis. The new name describes the product better and also reflects our integration into the Tivoli family.

Other Features that come with 3.1:

Integration with IBM NetCool/OMNIbus and IBM Tivoli Enterprise Console
The ability to utilize IBM NetCool/OMNIbus for incoming events
SNMP Action Processor to expand integration with other management systems
Device Support for IBM Tivoli Identity Manager and IBM Tivoli Access Manager
Support for Cisco's Security Device Event Exchange (SDEE)
A built-in knowledgebase that allows the customer to add custom information about security events
An expanded list of Vulnerability Scanner import options

IBM likes their acronyms, so in the future you will hear me refer to Tivoli Security Operations Manager as TSOM.

Also, on July 1st, IBM and Micromuse completed the Transfer of Trade. That is the final step in the acquisition process that makes our entire worldwide team part of IBM. If I was not busy before, I will be now!

Geekin the Movie, now available for Preorder

Xavier Ashe — Mon, 03 Jul 2006 22:33:00 -0400

We are now accepting PRE-ORDERS for Geekin'

at http://www.geekinmovie.com

(Note: Release date is currently on or around August 1, 2006)

Preorder the DVD and receive with it a signed page from the actual script!
In addition, everyone who preorders will be entered in a drawing to win a garden gnome used in the actual filming of Geekin'!

Still Alive

Xavier Ashe — Wed, 14 Jun 2006 21:27:00 -0400

Hey everyone out there. Sorry about the silence on the blog, but the traveling has kept me busy. I had alot of fun in Barcelona at the NetCool User's Conference. The plan was to present the NOC-SOC integration story, but made a last minute change to present the information I wrote a white paper about, Building a Security Framework in the Next Generation Networks. Click the link for the preso I presented. I also had the chance to present the main demo to everyone. Thanks to everyone who came by.

Look forward to the standard stream of posts to resume shortly.

Dead Air

Xavier Ashe — Sat, 03 Jun 2006 00:20:00 -0400

The Lazy Genius has been quiet this week. I have been in Edmonton, Alberta, Canada training more consultants at a partner, ARC Business Solutions, on NeuSecure. It went well, and I enjoyed my time in the great north. The folks in Edmonton are real nice, similar to the mid-west in their demeanor. The weather was absolutely perfect, and with the 17 hour days, I enjoyed several parks like the Elk Island National Park and the largest mall in the world, the West Edmonton Mall. For the exception of working every day, it was like a vacation. Right now, I am on my way to Barcelona, Spain for the NetCool User's Conference. I will be giving a presentation on Security Framework in Next Generation Networks (NGN). I am looking forward to meeting many of you that I have only spoken with on the phone.

I might find some time to a bit of blogging, but it will probably be another week before you see any new posts.

The end of Trackbacks

Xavier Ashe — Wed, 24 May 2006 13:54:00 -0400

I have decide to turn off trackbacks on The Lazy Genius. I get about 10-30 a day and they are all spam. Sorry guys, but it's very annoying. If you want a shout out or a link on my main page, shoot me an email at xavier at ashe d0t com.

We're not too late!

Xavier Ashe — Tue, 02 May 2006 12:50:00 -0400

I just got word from some folks at ISS that HB 1259 has not been signed by the governor. If you wish to help get invloved, please email me at xavier@ashe.com.

Letter to the Governor

Xavier Ashe — Mon, 24 Apr 2006 10:54:00 -0400

I just sent the following letter to Sonny Perdue regarding HB1259. Read my previous post for more information. You can send your own message to the Governor here and can use any bit of my message below.

Mr. Perdue, I am a computer security specialist and have been for 13 years. I am currently working at IBM as a security architect, designing information security solutions for Georgia companies. I am writing to address bill HB1259, a bill I believe is sitting on your desk for a signature. I am asking that you veto this bill.

There are two perspectives that I can give you as to why this bill will be an undue burden on our industry. I was an independent consultant for while and spent a good bit of money on industry certifications and training to certify that I was qualified to perform computer forensics. I performed forensics for several firms, some of which I presented my findings to Georgia courts. I was accepted as an expert witness, and my evidence held up to judicial scrutiny. HB1259 will not do anything to qualify computer forensic scientists like myself. It keeps independent consultants that are experts in computer forensics from gaining work and forces them to be employed by a PI firm. To become a PI in GA, you don't ever have to take ANY classes on computer forensics.

The second perspective is from by current vantage point. I now work for IBM, designing security solutions for some of the largest corporations in Georgia. These companies have an internal security staff that is trained to do computer forensics. Security incidents occur on an ongoing basis in large enterprises and these teams are quite busy. They also have the same industry certification and training I had as an independent consultant. They collect evidence as if they will prosecute every time, just in case they do. Many times, companies decide to fire employees based on this information and will have to retain the evidence in case of civil litigation. HB1259 will keep these trained engineers from doing their job, requiring a licensed PI firm to be paid every time a security incident occurs, which is often.

Overall, this is the PI industry's attempt to artificially protect their industry by passing overreaching legislation. It will hamper security forensics work and cause companies to think twice before making Georgia their technological hub. Please veto HB1259 today. Thank You.