It’s been a while.

To say I fell off is a massive understatement, and it would also be completely accurate. I fell off entirely. For years. So if you’re reading this, just a heads up, there’s more to come.


Why I’m not losing my shit over the iPhone 5

If you were hoping for something special from the iPhone 5, you, much like myself, must be disappointed. The differences between the iPhone 4S and the iPhone 5 aren’t that significant.

  • iPhone 5 has a bigger screen. whooptie doo.
  • iPhone 5 has a faster CPU. hooray.
  • iPhone 5 has a different connector. wtf.

Aside from that, memory is the same, Bluetooth, camera, storage, display pixel density, audio, blah blah blah… all the same. Not mind blowing. Evolution not revolution.

But the bigger deal, the one that all of us will get, is iOS 6. iOS 6 is a big deal because it adds upwards of 200 new features and improvements. So what makes it a big deal? Let me walk you through it.

Maps
Apple acquired a few companies over the last couple years and is finally replacing the Google Maps app with its own. Who cares? Well, you should.
The new maps app offers true turn-by-turn directions (with help from TomTom), crowd-sourced and real-time incident traffic reports (fastest route will actually mean something now), voiced by Siri with real-time integration with Yelp and a number of other services. Maps also has that super cool fly-over capability that will allow you to really drill in to see where you are… or where you want to be.

Siri
I often ask “Siri, why are you fucking with me?” to my iPhone. Because in most cases Siri screws up or doesn’t respond. But with iOS 6, Siri has gotten smarter. She can now launch apps and send tweets, and she integrates with OpenTable and Yelp to check restaurant reviews and make reservations. She will pull Rotten Tomatoes movie times and movie reviews. Epic. She will also be available on the iPad, which is also lovely.

Facebook Integration
Most people will love this. (I, myself, am not on Facebook, so it matters little to me, however…) Facebook is getting some major integration in this new update. With the ability to log into Facebook from the iPhone, users have easier access to Facebook in their apps, via web browser and also via Siri. Facebook contacts, birthdays and events will also now integrate with your calendar and local address book.

Quiet Time
In the phone app itself, Apple has made it easier to text folks back if you can’t take a call, or to enable a “Do Not Disturb” mode where the screen won’t come on and there won’t be any noise or vibrations. So if you’re trying to sleep, or don’t want to be woken up at 4am by that crazy ex, you’ll love this. They can drunk dial for days and you’ll not even bat an eyelash.

FaceTime Over Cellular
FaceTime will now work over cellular connections, so you’re not dealing with Skype’s shitty ass iOS app that crashes every time you make a connection. Awesome.

Safari
Safari will get offline reading lists, a rip-off of Instapaper, and a feature that came out in Windows 98.

Photos
Users can now share groups of photos to their friends over iCloud. Because not everyone has or wants to use photos. Especially for the nude photos.

Mail
There is a new VIP feature (from OSX Mountain Lion) that will highlight mail from people you need to prioritize, like your boss, your mom or the IRS.

Passbook
Have a ton of little “loyalty cards” from CVS, your local grocery store, AMC Theaters, Century 21, and all the others? Yeah, me too. Like several other apps in both the Android and Apple app stores, this collects all of your loyalty card data, but it also adds ticket information and other info into one central place for easy access and easy viewing. And it’s location-enabled, so it knows what to show based on where you are (so you can get your movie tickets at the theater, your plane ticket at the airport, or your CVS card at… well… CVS).

I’ll totally use this.

The update will be out on September 19th. So stay tuned.

Mountain Lion review

I’ll admit that I’ve been using Mountain Lion for the last few months, performing the updates and dealing with a few pieces of software which weren’t compatible (until today, Evernote shit the bed each and every time I opened it), but as of tonight I upgraded to the latest Release Candidate and what a difference it made.

I could be crazy but it seems MUCH faster. Granted my laptop is a beast, but fuck me is it fast. Everything is fast. Opening applications, browsing the web via Firefox, closing applications, switching applications. Fast. And that’s very exciting.

Dictation is neat. Siri has been a bit of a challenge as it’s interactive, but I like the fact that Dictation will learn based on how you talk. Neat. I’m sure I’ll use that on a much more regular basis, as I find myself using dictation on my iPhone constantly. Let’s face it, we can talk faster than we can type. And the Human Interface Device is currently the issue that we, as humans, face. Using our hands? Think of version 2 of Siri. Of version 3. It will be fantastic.

But back to Mountain Lion. I’m still exploring, but I love the single search bar for URLs and for Google Searching. No more little browser bar for each search, no more big browser address bar for URLs. (Thank you Google Chrome for the inspiration).

Mountain Lion is evolution not revolution. It’s a step forward, it polishes up the applications (iCal, Contacts, Mail, etc.) and it does so in a very subtle way.

To see more about OS X Mountain Lion (which is due somewhere in late July) you can read about all of the changes here: http://www.apple.com/osx/ and I hope you enjoy the performance changes as I do. Your comments, of course, are always welcome.

iPad 3 review:

I stood in line at Walmart last night in hopes of picking up a new iPad 3. Though I pre-ordered one, it wasn’t scheduled to ship until the 19th. And frankly, waiting that long just wasn’t in the cards. So off I went at 9:30pm last night, expecting a line half way down the block. I was shocked to find that I was the only one there for the iPad 3. So the line began behind me.

 
A few hours later I left with a 64 GB Wi-Fi + 4G on AT&T, a dream and a prayer.
 
 
My previous iPad, the Generation One iPad, has been very good to me. I used her religiously, even up to last night while waiting to purchase the new one. So my review of this iPad may be a bit skewed. I didn’t own an iPad 2. So the jump for me is two generations, and with that, an entirely new experience.
 
I’ll start with the obvious:
 
1. The CPU/GPU: She’s fast. She’s really really fast. Switching apps, downloading, the multi-gestures to swipe from one app to the next… fast. Though my current apps are lower res, and not taking full advantage of the speedier processor and the jump in GPU, the current apps are really really impressive. And they’re only going to get better.
 
2. The Retina Display: As an iPhone 4S user, I know I’m already spoiled. I stood my Generation One iPad beside the Generation Three iPad, and frankly, I’m not seeing a huge difference. At least, not at face value. The majority of the content I have isn’t HD. Yet. But now with the massive 64 GB of space, I can see the content quality taking a significant jump. Till then, drilling in on text I could see a difference in Generation One vs. Generation Three, but frankly, it wasn’t mind blowing. It was cleaner, but not something I’d lose my mind over.
 
3. Camera: The first thought of the iPad with a camera, with the Generation Two, sounded ridiculous. But now having one, aside from looking like a tool waving an iPad around to take a photo, the photos look great. Not iPhone 4S good. But still really good. I’ll be using it for FaceTime and Skype.
 
My only gripe, thus far, is the idiotic “case”. I bought the iPad Three [Project Red] with the magnetic cover. The challenge is that it protects nothing but the screen itself. Not the back, the sides, and frankly, if you drop this thing, it’s a goner. Idiotic case. So bad, in fact, I’ll probably return it and buy something more substantial. Dropping a $1k device on the ground with a “case” that does nothing but protect the front from scratches and saves me a single step of clicking the top button. Stupid.
 
I’ll update this as time passes.
 
 
Did you get yours? Thoughts? 

Me electric bill is “teh suck”

I was ripping up my floor when it happened. I, for one reason or another, bent down at the now bare concrete wall, pulled the pile of wood pieces from the previous flooring and reached under the drywall, the edge of which was now exposed.

I was shocked.

There was nothing there. Not a stitch of insulation. Just drywall glued to cinder block. Not even a frame. Nothing. I almost choked. “What kind of low rent building did I buy into?!?” And that’s what started this project.

First step, rip the drywall out, fill the HOLES in the cinder block (let’s put it this way, I could see sunlight coming through the wall), frame everything, then spray foam the hell out of it. That was a very quick way to burn through a grand in materials, but it cut a third off my electric bill from last year, where my biggest bill was $1200. I shit you not. For a one bedroom apartment. But I still don’t understand WHY it was still sitting at $300 a month for a one bedroom apartment, which, btw, I only use one room of.

This building has HVAC units. If you’ve ever had the displeasure of owning one, you’ll know what I’m talking about. Essentially HVAC stands for “Heater/Ventilation/Air Conditioner”, an acronym that describes exactly the things it’s really really shitty at. For heat, these things are essentially a heater coil and a fan that blows hot air up at the ceiling. Very useful when you want to heat the air over your head. They don’t come with thermostats, so essentially if you want to adjust the temperature, you have to turn the knob. More blue or more red. Not “71 degrees Fahrenheit”. And the way they work IN the apartment is basically there’s a giant hole cut in the side of the building directly into your apartment, where they push these things in with a really shoddy seal.

Even better.

So, back to being green.

I stopped using my HVAC units. All three. And I sealed the hole between the exterior of the building and the HVAC by putting in fiber board insulation, then adding pink insulation all around the HVAC and stuffing it tight by any means necessary. As a replacement, I bought a Vornado heater/fan unit. This thing is neat. It’s sort of a space heater, looks like a fan, doesn’t get hot to the touch and has this phenomenal futuristic technology called a “thermostat”, which, unlike the HVAC, doesn’t require you to dial “more red or more blue”.

This thermostat technology is going to be HUGE! You can actually just set this thing at a temperature… say… 71 degrees Fahrenheit, and it’ll maintain that room temperature. It’s saved me hundreds this winter. Fantastic.

But my electric bill was STILL 300 bucks.

Damn it!

So I took this green tech thing even more seriously. I went Belkin power conservation crazy. First I bought a Belkin Conserve switch. It’s essentially a power strip with a remote that lets you completely power off all the things that are still sucking vampire power when powered off. Examples being the surround sound processor, floor lamp, the subwoofer, the Xbox, the TV and one of my switches.

While I was at it I purchased a Belkin Conserve Insight unit. This puppy plugs into the wall, then the device in question plugs into that. And what it gives you is this really cool little display of how much power the device or devices plugged into it consume, as well as what it costs on a monthly/yearly basis. And so I’ve gone around the house trying to identify wtf is consuming over $300 in electricity. I’ve found that the Vornado heater uses between $75 and $100 per month. I also found that my computer only costs me about $20.00 a month, and that was before I configured my computer to sleep at 1am each night and come back at 7am. No need to be online at that time. I’m not running SETI at home.

On the same Belkin train, I purchased the Belkin Conserve Socket Energy-Saving Outlet. Plug it into the wall. Plug a device into it. Then set your time at a half hour, three hours or six hours. When you need to use it, press the button. So what’s the use case? I set one at 30 minutes, and into that I plugged in my kitchen appliances on a power strip. When I need to use the microwave, or anything else plugged into that little nugget, it’s as simple as pushing a button and it stays on for 30 minutes, then automatically powers off. When I want to power my cordless drill, dremel, etc. I plug them in and let them charge for 6 hours. No need to leave it charging forever.

Finally, I bought a boat load of LED spotlight (G10) bulbs from various vendors. They consume between three and four watts per bulb. In my bathroom alone I have six lights. So, consider this: six lights in the bathroom times 35 watts per bulb is 210 watts being used. With the LED bulbs I’m now using 18 watts. That’s a MASSIVE decrease in power consumption! And I did this all through the house! They are dimmable, they use less power than the previous bulbs and lastly, they last 25 years.

I’ll get my power bill at the end of the month. Thus far I’m still scratching my head as my Belkin Insight isn’t telling me who the big culprit is, however, I’m hoping to find the sneaky bastard sucking up all my power, and with it, banish my electric bill down to 1/3rd of its current amount.

I’ll keep you updated.

10 days of Blackhat/Defcon: Two ends of the same [exhausting] spectrum.

I can tell that I’m getting old. I know this because I felt like an old man at Defcon. I couldn’t help but feel like it’s turned into a fashion show. A tourist attraction for helpdesk employees and wannabes. Out of the maybe 100 people I spoke to, perhaps 10 of us actually know/do/understand some aspect of security. So wtf were those other 90 people? I’ll let you ponder that.

Lamest Response

I shouldn’t complain, though. I loved it. I loved every minute of it. Though I wish I was as popular as Bijoux during DefCon, it felt great to see some friends. It was great to talk tech, ponder the future of netsec, and laugh at Dan Kaminsky’s expense. (Does ANYONE know why DK was wearing a leather coat in the desert? I fear we’ll never know.)

People have often asked me what’s the difference between Blackhat and DefCon. I’ve heard others say that Blackhat is corporate and DefCon is “real”. But I’m not sure that’s true. In my own humble opinion, Blackhat and DefCon are two ends of the same spectrum.

Blackhat is organized. Each talk is on time. Each break is on time. Each class runs for exactly the amount of time set aside. It’s professional. It’s corporate, private sector, public sector security. It’s the big picture. And you pay for that. The cost is aimed at the corporate budget and is almost prohibitively expensive for the individual nerd. The fun stuff is limited to the Pwnie awards and a workshop or two.

DefCon, on the other hand, is the opposite of that. It’s young. It’s chaotic. It’s less than 200 bucks for 2.5 days of madness. It’s up to two-hour lines to hear speaker talks. I can proudly say that the black t-shirt uniform was in full swing. It was heavy, heavy on the side of Caucasian males conforming to non-conformity. It was the love of security at the nearly Matrix level of granular detail. This specific buffer overflow. This specific exploit. This specific vulnerability.

DefCon Beard Moustache Competition

And there’s fun at Defcon. Lock picking, Capture the flag, video games, scavenger hunts and a glorious beard/moustache competition hosted by Red Beard himself.

The vendor areas are so vastly different that they almost can’t be compared.

Blackhat vendor booths: Firewalls, IDSes, security hardware/software and vulnerability assessment/pen testing services.

DefCon vendor booths: Long range wireless antennas, lock pick sets, old school hardware, stickers and black t-shirts.

After nearly 10 days of Blackhat and DefCon I can tell you that it was a blast. I wish I’d seen/done more at DefCon. I wish I’d gone to more parties and met more people. I wish I’d kicked Moxie in the knee. Next year I’ll attempt to partake in more DefCon. More social activity. More convos with real hackers, with real netsec nerds and real digital gangsters. But in all it felt like home. Both sides of the same spectrum. Blackhat and DefCon.

Until then I’m glad it’s over, but I’m already yearning for next year.

The Haj of Netsec Nerds Worldwide: Blackhat Las Vegas

I arrived yesterday, ready for Blackhat again. Since this time last year, I’ve attended Blackhat: DC, Blackhat: Abu Dhabi and Blackhat: Europe. And here I am again. Blackhat Las Vegas.

It’s bar none my favorite show of the year. This is the big show. The haj of netsec nerds worldwide. This is our mecca. This is Blackhat/Defcon. The anticipation began to creep up a few weeks back when I came to Las Vegas for Cisco Live, which too, was a great show. But it’s not like this. Cisco Live is a networking event supported by sponsors. Blackhat is about the nerds. It’s about we who live and breathe security. It’s about the blackhats and the whitehats. And a bit of grey in between. This is a show for nerds by nerds.

Setup happened today for the training which starts tomorrow. I’m excited. Tomorrow is BackTrack training and rumor has it, BackTrack 5 is being released. That’s really exciting, as BackTrack is the premier pen testing tool used by hackers and security engineers worldwide.

This may sound like a shock to you, but I’ve seldom used BackTrack. My personal style has involved online tools to mask my identity. Online tools to do hours and hours of recon to craft my attack long before the trigger is pulled. I’ve always had the impression that BackTrack was more or less a brute forcer’s dream. So, I’ve never taken the plunge. I’ve used Metasploit, and Wireshark, and a host of other recon and/or attack tools, but never once have I used a suite such as BackTrack to take a run at a network, hack hosts or take down applications. It’s such a different animal to me.

There’s a difference between hackers and penetration testers, and much of it comes down to time. A penetration tester’s job is based on an hourly rate or a salary. He can’t take 6 months to pen test a network. So generally pen testers go in and run through their checklist of ports to probe, OSes to fingerprint and SQL to inject. Or the salaried employee will try to push through the task as fast as possible to finish as fast as possible.

But the reality is… that’s not how hackers do it. When you hack… time is on your side. Time is your friend. You have lots of it. You’re not in a rush. Low and slow is the saying, and it’s never been more true than it is now.

As time goes by, I find myself saying that phrase quite a bit more lately than previously. “Low and slow.” And I can’t help but feel like it comes down to one basic thing that’s prompting that.

There are several technologies on the market today which are ridiculously expensive, and I can’t help but feel like they are nothing more than Dumbo’s feather for Security Architects and CISOs who don’t know any better. It gives them a false sense of confidence, or they lose complete confidence in security due to the constant stream of false positives being received.

Tomorrow starts the BackTrack course I’m auditing. And I’m excited to get started.

I’ll post more on how it goes, my thoughts on the tool and the teaching.