Thursday, May 28, 2009

Pimping Tha All New

The home of Snort, received a facelift last night! The site has been largely static and unchanged for some time now.

A shortlist of the new features on the new that should make life easier for all:

• New navigation
• Improved account management
• New user forums
• Persistent link panel
• Improved VRT subscription management

What this does NOT mean is that your tools that automatically fetch snort rules tarballs will be broken... everything is still 100% functional and up in that area.

Having said all of this, please check out the new for yourself!

I extend a hearty good job to the entire team for their efforts in this; it looks and functions excellently!


Tuesday, May 26, 2009

Baconator Renamed => Pulled_Pork

So, for some "mostly obvious reasons" I have renamed the Baconator project to Pulled_Pork. This was for a variety of reasons, and if you really want to know I'll explain it... Just drop by #snort on freenode. Suffice it to say that this new name is more fitting. Please also note the Google Code location has changed from /p/baconator to /p/pulledpork. I did note on the Baconator page that this change has occurred.

The new location =>

As always, thanks for the support and please fetch the latest version to do some testing for me!


Monday, May 18, 2009

Baconator 0.1 Beta 2 (try me)

I have completed the 0.1 Beta 2 of Baconator and believe it to be fairly stable and user friendly! Please give it a roll (it's not in a tarball yet, so you will have to check it out as noted below) and let me know if you experience any issues or have any updates / features that you would like to see.

The timeline:
Release 0.1:(This is complete)

Release 0.2:(I have started to work on this piece, probably finished in a few more weeks)

Next Release...

Visit the Google Code site for info on how to check out the code, etc.


N.J. accidentally reveals personal data of 28K unemployed residents

Article here =>

Somehow these statements make it ok? => "This is a fluke," department spokesman Kevin Smith said. "This was just a clerical error."

Right, it's just a clerical error that affects 28,000 individuals lol. I'll grant them that it's not as major as many other items that have occurred... but they seem to not take it seriously, is my short and sweet point!

Yes, they (as I have stated in the past) like all other agencies have a standard =>, but evidently as long as "It's just a clerical error" again, it's ok.

Anyway, just wanted to start the week off on a small soap box ;-)


Thursday, May 14, 2009

Snort 2.8.5 at get it while it's hot!

A beta version of Snort 2.8.5 is now available on, at

Snort 2.8.5 introduces:

- Ability to specify multiple configurations (snort.conf and everything it includes), bound either by Vlan ID or IP Address. This allows you to run one instance of Snort with multiple snort.conf, rather than having separate processes.

- Continued inspection of traffic while reloading a configuration. Add --enable-reload option to your configure script prior to building.

- Rate Based Attack prevention for Connection Attempts, Concurrent Connections, and improved rule/event filtering. See README.filters for details.

- SSH preprocessor (no longer experimental)

- Performance improvements in various places

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to

Wednesday, May 13, 2009

DC Agency Accidentally Emails PII about College Financial Aid Applicants <= WHAT?

Yes, the headline is indeed true. Yet another in a seemingly endless series of silly (stupid) mistakes made by individuals that lead to significant data leakage.

The Article:
D.C. Agency Accidentally E-Mails Personal Data About College Financial Aid Applicants

How many times is this going to happen before people begin to take things as simple as user education / training, as related to security, seriously? Having worked for a variety of branches within the federal government, I can tell you that they do have some fairly basic protocols in place that allow for basic online instruction (depending on the agency/organization, either annual, semi-annual, etc.) and, in the same session, testing. This then creates a nifty little certificate that you can hang in your little cubicle and that is tracked by the CSO (or equivalent thereof) to provide proof that said agency/organization is meeting their requirements.

Evidently though, the "don't email sensitive rubbish out" section was missing in the OSSE's online curriculum?

You tell me...