September 30, 2008.
2003 Honda Civic Hybrid 4 door.
Cost: $9,000
She put zero down but says she made two payments.
I loaned her $500 for a fine she got so we'll cancel out the two payments of $250 each for the $500 I loaned her leaving $9,000 (after almost 2 years of actually having the car.)

- In a text message dated 3 August 2010 she claimed she would send money tomorrow (4th August) and again on the 18th.)
- She has USAA deposit envelopes to use and promised she will make every payment from here out.
- As of 6 August 2010, balance is $9,000.
- If she is not well under way to paying the car off by Autumn 2010 I'm having the Sheriff repossess the car for non-payment. (Who knows how much the car will have depreciated by then.)

Let me tell you about High Fructose Corn Syrup.

Way back in 1983 there came to market a new product called Corn Syrup.
Instead of regular cane sugar they made this product as a sweetener that saved manufacturers a huge amount of money; about 60% savings but never passed that on to the consumers.

So, in the end, we're paying more for what we do get AND it's making Americans fatter and fatter.
I was at the store earlier today looking for some jelly for my wheat toast (which now has corn syrup in some brands) and I simply could not find any jelly without Corn Syrup. So I didn't buy any and I will not buy any of this junk until they stop adding it. (which is probably never.)
Bogus, I like jelly on my toast. (I ended up buying Nutella; a hazelnut paste spread for my toast. European tasty!)

Do a google search on High Fructose Corn Syrup and you'll find a ton of bad stuff about it. Even youtube videos have bad news about this stuff.

Stay informed and stay healthy!

This to plan for:

- Invitations.
- Church reservation
 - Flowers, music, escorts, all included in $1,500 cost.
- Reception reservation - $500
- Honeymoon - Hotel, travel costs
- Tuxedo or Dress blues uniform
- Rings for bride and groom
- Catering
- Transporting people to the scene
- Bachelor party
-

Here's a standard iptables config script for a linux box:


#!/bin/sh
echo ""
echo "   setting global variables"
echo ""
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
iptables="/sbin/iptables"
 
# adjust /proc
echo "   applying general security settings to /proc filesystem"
echo ""
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
 
# load some modules
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_nat_irc.o ]; then modprobe ip_nat_irc; fi
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_irc.o ]; then modprobe ip_conntrack_irc; fi
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o ]; then modprobe ip_conntrack_ftp; fi
if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_nat_ftp.o ]; then modprobe ip_nat_ftp; fi
 
# flush any existing chains and set default policies
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT ACCEPT
 
# setup nat
echo "   applying nat rules"
echo ""
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP
$iptables -A FORWARD -i eth0 -j ACCEPT
$iptables -A INPUT -i eth0 -j ACCEPT
$iptables -A OUTPUT -o eth0 -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -t nat -A POSTROUTING -s 10.5.2.0/24 -o eth1 -j SNAT --to-source 10.5.1.3
 
# allow all packets on the loopback interface
$iptables -A INPUT -i lo -j ACCEPT
$iptables -A OUTPUT -o lo -j ACCEPT
 
# allow established and related packets back in
$iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# blocking reserved private networks incoming from the internet
echo "   applying incoming internet blocking of reserved private networks"
echo ""
#$iptables -I INPUT -i eth1 -s 10.0.0.0/8 -j DROP
$iptables -I INPUT -i eth1 -s 172.16.0.0/12 -j DROP
$iptables -I INPUT -i eth1 -s 192.168.0.0/16 -j DROP
$iptables -I INPUT -i eth1 -s 127.0.0.0/8 -j DROP
#$iptables -I FORWARD -i eth1 -s 10.0.0.0/8 -j DROP
$iptables -I FORWARD -i eth1 -s 172.16.0.0/12 -j DROP
$iptables -I FORWARD -i eth1 -s 192.168.0.0/16 -j DROP
$iptables -I FORWARD -i eth1 -s 127.0.0.0/8 -j DROP
 
# blocked hosts
echo "   dropping all packets from blocked hosts"
echo ""
#$iptables -I INPUT -s 80.80.32.0/24 -j DROP
#$iptables -I FORWARD -s 80.80.32.0/24 -j DROP
 
# icmp
echo "   applying icmp rules"
echo ""
$iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
$iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A INPUT -p icmp --icmp-type echo-request -i eth1 -j DROP
$iptables -A INPUT -p icmp --icmp-type echo-request -i eth0 -j DROP
 
# apply icmp type match blocking
echo "   applying icmp type match blocking"
echo ""
$iptables -I INPUT -p icmp --icmp-type redirect -j DROP
$iptables -I INPUT -p icmp --icmp-type router-advertisement -j DROP
$iptables -I INPUT -p icmp --icmp-type router-solicitation -j DROP
$iptables -I INPUT -p icmp --icmp-type address-mask-request -j DROP
$iptables -I INPUT -p icmp --icmp-type address-mask-reply -j DROP
 
# open ports to the firewall
echo "   applying the open port(s) to the firewall rules"
echo ""
$iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 
# open and forward ports to the internal machine(s)
echo "   applying port forwarding rules"
echo ""
$iptables -A FORWARD -i eth1 -p tcp --dport 80 -j ACCEPT
$iptables -t nat -A PREROUTING -i eth1 -p tcp -d 10.5.1.3 --dport 80 -j DNAT --to-destination 10.5.2.10:80

# logging
echo "   applying logging rules"
echo ""
$iptables -A INPUT -i eth1 -p tcp -m limit --limit 1/s --dport 0:65535 -j LOG --log-prefix "tcp connection: "
$iptables -A INPUT -i eth1 -p udp -m limit --limit 1/s --dport 0:65535 -j LOG --log-prefix "udp connection: "
 
# drop all other packets
echo "   applying default drop policies"
echo ""
$iptables -A INPUT -i eth1 -p tcp --dport 0:65535 -j DROP
$iptables -A INPUT -i eth1 -p udp --dport 0:65535 -j DROP
 
echo "### firewall is loaded ###"
echo ""

Update: Many ships doing business in the Indian ocean are being escorted by military vessels who are not asking questions when they see pirate skiffs.

Awesome.

Just posting my chapter notes here.

Ok, I underestimated how much time it took to get my house painted, stuff unpacked and get back to work and had to reschedule the exam to 31 July, 2010.
As of this I have about 50 days, almost two months.
Lost my official book chapter notes for chapters 1-3, starting over from the beginning, Domain 1: Access Control.
(I wasn't backing up my 30GB VmWare image of the computer I was using so had to go back to a 3 month old image which didn't contain my notes.)
Lesson learned.

Got this ICQ spam from:
support.instructions.usa. (support.instructions.usa.)
Also from :
Update Notice (update.notice.usa.10)

Created on 2010-05-11 21:55:55. 2010-05-11

Tried to go to the link www.updatezp.org but the page wasn't found and no IP in DNS server zone files.

If you ever get unsolicited junk messages like this via ICQ, Email or any other instant messenger or mail, IGNORE IT!
It is only someone trying to infect your computer with malware (Viruses) so they can control it.

Once they control your computer they can use it to send spam mail/messages, attack other computers or servers, steal your passwords or files and use them to steal money from your bank.


Support Instructions
9:24 PM
WINDOWS REQUIRES IMMEDIATE ATTENTION
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!

http://www.updatezp.org/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !

FULL DETAILS OF SCAN RESULT BELOW
****************************************

WINDOWS REQUIRES IMMEDIATE ATTENTION

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

http://www.updatezp.org/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!

It is appalling that corporate shipping hasn’t taken a more proactive approach to Muslim Somali piracy in the Indian Ocean.
Those ships are permitted to be hijacked and lives endangered because we are so scared to treat pirates with other than kid gloves.

It would be trivially easy to overcome a tiny pirate skiff that has small arms on board.

Using long-range sniper rifles shooting at distances much further out than an RPG, AK(S)-47/74. (1,000 yards est. with optics.) it would be a simple task to whack one or two of the pirates to send the message and put this farce to an end.

I would argue that putting snipers on corporate shipping vessels would present enough of a countermeasure to defeat the practice of modern-day piracy.

Time to take the gloves off.

As I'm going through the ISC2 Official CISSP book I'm documenting some of the really stupid and short-sighted items which need revision or removal from the material.
Hopefully some ISC2 employee is reading this and I can affect a positive change:

1. Under threats they have:   - Data Remnance AND Object Reuse as two different threats?
   - These are the same threat yet we're having to memorize THAT they think they're different.
- How to make it better: Identify and combine these sorts of terms to streamline the learning process and make the curriculum less [dumb]. Let's be honest. That is dumb.

2. Eavesdropping is described to include "Sniffers" but there's also a threat directly called "Sniffers".
   - Another case of someone getting paid by the hour to generate more and more material that dublicates itself.
   - I don't know. Maybe the guy combined two lists of his work and forgot to check for duplicates. Dumb and needlessly redundant.

3. Talks about DOS/DDOS and SYN Floods as if they're different.
   - Again, stop making up things to list as required reading in your book. These items are similar enough to be listed as the same thing thus streamlining the material.
   - Plus you forgot about the other TCP State flag flooding like SYN/ACK/FIN/URG/RST/PSH (or Xmas, Null scans etc.) Wake up damit.

4. States that DIAMETER uses a UDP transport but in a peer-to-peer function yet later states "The DIAMETER Server issues the user ID as a challenge...".
   - Self contradicting. Which is it?

5. ISC2 CISSP Guide mistakenly claims that a NIDS examines traffic before forwarding it to destinations. (pg 206) This is wrong for local traffic b/c of how ethernet and switching forwards data to hosts.
   - Unless its an IPS on a segrated LAN and the IPS actually takes steps to stop suspicious traffic, hosts will receive the datagrams.

6. ISC2 discusses Rule-Based Intrusion Detection systems and Signature-Based IDSes as if they're different. (Page 207/209.)
   - Snort is mentioned as a Rule-Based IDS but they also discuss Signature-Based IDSes as if they're somehow a different category.
   - Let there be no doubt. Snort is a Signature/Rule-based IDS. I've managed Snort sensor / mgt console systems and have written custom snort signatures.

7. ISC2 claims that firewalls can't stop the spread of viruses?
   - Since network mobile code can fall under the blanket description of "Virus", firewalls are commonly used to block all unsolicited inbound traffic specifically to stop the propagation of network mobile malware.
   - Previously, NMC or network mobile code stuck to specific ports but subsequent NMC started being TCP/UPD Port non-specific so using the failed model of "Allow all, block dangerous ports" was replaced with "Block by default" with few exceptions like 80 for web, 22 for SSH etc.



   -