HR 1319 misses the mark

May 16, 2009

Republican Rep. Mary Bono Mack, widow of an entertainer-turned-politician, recently proposed legislation requiring certain notification practices in P2P software, presumably to help prevent future debacles such as the government contractor who leaked the technical blueprints of the President’s helicopters.

Whenever politicians try to legislate things they don’t understand, it rarely goes well and has deeply troubling undertones. HR 1319 IH appears to be a political response to the incident that redirects attention away from the root cause, and it serves as a general reminder of why politicians should not be dreaming up willy-nilly tech legislation.

The first obvious error in Miss Mack’s bill is the ridiculously broad definition of P2P software, defined in the bill as “computer software that allows the computer on which such software is installed–

(A) to designate files available for transmission to another computer;
(B) to transmit files directly to another computer; and
(C) to request the transmission of files from another computer.”

While these are traits of P2P software, they aren’t defining traits, and this remarkably obtuse definition sweeps in whole genres of technology, including the browser you’re using to view this page, and this website itself. The rest of the bill is generally benign: notification that by installing file-sharing software you may end up, yes, sharing files. The real travesty of this misguided bill, however, isn’t the poor definitions, nor the ever-increasing authoritarian government presence in the commercial sector. The real problem I have with this bill, no matter how it may eventually be worded, is that it completely misses the mark: the cause of the blueprint leaks had nothing to do with P2P software.

If the leaks did indeed occur because of misconfigured P2P software, this could only be the manifestation of a systemic lack of effective security controls and practices at the contractor who leaked the information, and likely inadequate government oversight of this clearly government-funded contract. For information like this to have been leaked via P2P, multiple failures would have had to occur:

1. The user of the system would have had to have elevated privileges to install the P2P software in the first place.
It’s standard practice not to let users manage their own systems. Not only are self-administered machines glaring security holes, they run support costs through the roof. I’m not aware of any large organization that lets users manage their own machines, and certainly no government or well-managed contractor environment does.

2. There would have to be a lack of system inventory management, for the installed software to go undetected.
Many – if not all – mature IT environments I’m aware of use technologies to inventory and manage locally installed software. This allows them to do things such as apply patches and upgrades and ensure that only approved, supported software is in use.

3. The system (which is presumably a laptop) would have had to have been available on the public internet.
This would reflect a complete lack of basic data loss prevention practices, which dictate that you handle different types of data differently. For this type of data to be on a system with direct internet access would be a shame.

4. Or … the system would have had to be on a network that was classified for this data, but with completely inadequate network segregation from the internet.
Even if this data were indeed sitting on a system appropriate for that information, and on a network appropriate for that system, *and* the user were able to install P2P software, the software would still have to have network access out of the approved network for the information to have leaked.

The bottom line is that there are multiple practices, controls, and technologies that would have prevented this leak, all of which are commonplace and in most cases mandated. Had this contractor been conscientiously attempting to protect the information, the incident would never have occurred. Trying to address it by targeting the end-point software is a mistake that will only impede technological growth and misplace responsibility, while doing nothing to prevent future data losses.

If Miss Mack is truly concerned that innocent downloaders are also sharing their entire drives without realizing it, this bill needs to move the notifications from installation to the actual usage areas. P2P users don’t need to be notified that their software shares files. They know that; that’s why they download and install the software. What they need is software that makes it more obvious when they’ve misconfigured it. If this bill really is a response to the data leak (as presumed in the media) and Miss Mack is truly concerned about government data loss, she should push for stronger enforcement of the information security laws the government already has, considerably stronger oversight of these defense contractors, and an increased culture of personal accountability.

As it stands now, though, HR 1319 doesn’t address either. The full text of the bill is available at http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.1319:

OMG Cadie and Pandas EVERYWHERE

April 1, 2009

Wow, I don’t know how I missed Cadie’s presence all over Google – oh yeah, I have a job. So while at 5:45 this morning there wasn’t much on the Cadie blog, turns out the Google pranksters were hard at work (?) letting Cadie put her touch on all things Google, including: Maps, Images, Books, Knowledge, Earth, Mail, Code, Docs, and then some. My personal favourite is still blogspot, although really it represents more of a MySpace or Facebook, but it still sums up my whole attitude towards the social networking sites. There are a couple of nods to 419’ers in Maps and Mail. Cadie did a great job with Google Code, returning all questions with references to INTERCAL (a spoof language. Yes, people spoof programming languages. It’s a geek nerd thing). If you query her GCode too often, she pushes you back to work. Seriously.

I don’t have time to link all the images back to their origin sites, sorry, but a little googling will quickly yield the way. Gbots, great job on April Fools’ Day. I wish I had more time during the day to enjoy it all, but at least I got to enjoy it towards the end of April Fools’.

And the biggest April Fools’ Day prank of all … Conficker

April 1, 2009

What a remarkable non-event the entire Conficker saga became. With MONTHS of research, and loads and loads of the usual media hype complete with industry pundits and “experts”, Conficker failed to deliver the goods, leaving tons of patching teams exhausted, incident response folks waiting in vain, and those of us who predicted a non-event smugly saying “I told you so” and then writing sad little blog posts to further remind everyone that, well, I told you so.

Frankly, I’m a little disappointed. With that much alleged effort going into the worm, you’d hope that at the least it would rickroll everyone by proxying HTTP, or just poisoning the local DNS cache. But nope, nothing.

I can’t bring myself to watch mainstream news on internet worms because, well, it’s like watching a really bad war movie where everyone in the theater thinks it’s great, but as the one guy who was actually Infantry I can’t help laughing at it. I heard that 60 Minutes did this huge hype-up on Conficker though, including showing off keystroke loggers, so I googled them up. Sure ’nuff, they’ve got their “Internet Expert.” Sorry, what? Internet Expert? What the fuck is that? Oh wait, AND he’s a lawyer. Great. This link is NOT clicking through; they deserve no more hits.

mainstream media. meh.

Washington Post: Brian Krebs gets in the Spirit with Conficker

April 1, 2009

So, after RickRolling the local CapSec through the auspices of a “follow the sun” Conficker analysis, I received a reply back to this great article from Brian Krebs. Brian writes for the Washington Post online, and I think he does a really good job. Unlike some other outlets (such as Wired, which I’m becoming increasingly unfond of) he writes about security *for* security folks, and he seems to really GET it. He doesn’t even complain when he writes about XSS on his blog and I XSS his comments ;)

He’s a good guy to hang out with too. Of course, you still have to be careful what you say in front of the media – on or off the record – and I’ve had to play it mum on a lot of stuff while hanging out with him. Too bad too, he probably would have loved to scoop some of the stuff I (’ve worked | am working) on. Well Brian, if you read this, maybe next time I’ll tell you some of the older stories that are now safe to tell :)

Anyhow, here’s a thumb of Brian’s article. Click through to the full Washington Post Security Fix article for a nice April Fools’ read. [Note: The editor’s note prefacing it as a prank is new. This morning the only indication for those who hadn’t already figured it out was at the very bottom of the article.]

Brian Krebs April Fools' Conficker Worm article for the Washington Post Online

Anyhow, Brian posted this great blog update on Conficker.  Click through the image to get to the full Post article.

Sci-Gen strikes again

April 1, 2009

A couple of years ago I came *this* close to getting the SPI press relations lady to issue a PR based on a Sci-Gen paper. Well, this year Sci-Gen struck again. At my one customer site people had started talking up the annual conference to get folks into the frame of mind to submit talks. I quickly conferred with a colleague who agreed to have his name put on the Sci-Gen paper, and then sent it out to most of the department as an RFC for our submission.

Two responses back: one privately acknowledging the gag, and one reply-to-all from a peer who said it was great, let him know if we need any special equipment, leave extra time for demos, etc.

There were multiple high fives, it was just too nice ;)

Gmail Gets a CADIE upgrade too.

April 1, 2009

I noticed that Gmail is now sporting some CADIE upgrades too, this time with complete auto-response capabilities. Sweet. From talking casually with a few folks, this confused some people who didn’t quite understand what they were reading. Oh well <sigh>

Gmail on April Fools Day

Google April 1st

April 1, 2009

Google’s was just as clever as YouTube, and combined a touch of Sci-Gen with Web Crap 2.0 for theirs.

Google Front-Page Announcement for CADIE

I have to admit, they got me. “Singular upgrade” sounded like complete crap to me, but I did actually hope they were announcing some new features in Gmail or other apps. Nope, turned out to be this Sci-Genish paper. Admittedly at this point I suspected a roll; the “press release” is all about hype with little mention of what the technology actually does or provides of benefit, but then isn’t that Web 2.0?

Google April Fools Day 2009

It’s April 1st, click-through is mandatory. So this should be a website designed by this AI array after analysing multiple site designs … cute. Note the blog entry that states the AI has received autonomy and is separating from its inventor/master. Classic robot theme. This appears to be an actual blogspot page, and you can follow it, comment, etc. like any other blog.

Google April Fools Day 2009

YouTube April 1st

April 1, 2009

It’s April 1st, and you know what that means … YouTube techs have been up all night pushing their Rick Astley vids out to Akamai. Of course, I was prepping my *own* RickRoll against CapSecDC – in the guise of a Conficker analysis (which likely no one would fall for). Turns out YouTube had the first laugh:

YouTube April Fools Day

Edited 2205: I didn’t catch this this morning (hey, it was before 6 am) but all the front-page videos featured inversion as a theme. Well done YouTube!!

More YouTube Fun

Well Isn’t That A Treat

December 29, 2008

uhm, I’m hoping that means they’re pre-diced or sauteed or something ….

used_shallots_nice

Duck on the Cheap

December 29, 2008

I don’t quite have a roaster. Well, I have a graniteware roaster – you know them, they’re the speckled blue enamel stuff that looks like it was made for camping – and while that roaster (which still costs just 25 dollars new today) has a lid (a feature even 300 dollar roasters are lacking), it doesn’t have a rack, and I was unsure about attempting to roast anything in it, since it would end up sitting in its own juices. I did wander into the new Williams-Sonoma in the mall to take a look at their roasters, and quickly decided that that store is really more about being fashionable than anything else. They have 300 dollar roasters and 500 dollar knife sets. Right-o. Lolz, someone pays 500 dollars for knives with plastic handles. Knife sets that come with sharpeners (uhm, hint, your average Joe using one of those things is just going to ruin whatever hone is on there to begin with).

OMG Knives

Long story short, like generations before me I used my graniteware roaster, although I didn’t use the lid.

What did I use for a rack? Well, my friend Karen suggested I just rest the duck on carrots and parsnip, so that’s what I did; came home from Giant with a pound bag of carrots, chopped half of that into pieces and threw them in, and cooked the duck on top of it. I used my 15-year-old wood-handled chef’s knife that we probably got at Walmart back then to do the chopping. It did fine.

I rubbed the duck down with salt and pepper, cooked at 450, turning twice (45 minutes, turn, 45 minutes, turn, 20-30 some minutes till it seemed right).

I lost the recipe I was going to use for the sauce, and found a new one that was probably closer to what I imagined in my head (a traditional German goose recipe), but here’s what I ended up doing:

Take about 8 plums, push the pits out of them. I didn’t use a 30 dollar pitting tool either; I used the tube my meat thermometer sits in as a sheath, and it did a great job. Throw the plums into a saucepan (a really cheap, ancient saucepan we’ve had for years that’s all warped and discolored from overheating), then throw in a generous amount of brandy. Then I added about half a handful of some onion that was frozen, but which I had just chopped 4 days ago (still much better than frozen onion from the store). I tossed in a pinch of minced garlic, and about 8 chestnuts, and started reducing it. The brandy smell was incredibly strong, and I was afraid that it would be too noxious to the nose, so I added in some prune juice to mellow it. Reduced, reduced until nice and thick and syrupy, then poured some onto the plate, capturing some of the prune and chestnuts with it, and then sliced off a wing, leg and thigh for myself. Walked into the living room, sat down, and ….

… Dude. It was AWESOME. I was so excited that I must have sounded like a teenage girl at a boy-band concert. At one point my wife actually asked me “what does ‘oh my god ponies’ mean?” Seriously. The duck was incredibly moist and perfectly cooked, and the skin was golden and crisp and so savory with all the salt and pepper. The sauce? To die for. Sweet, smoky, balanced. I’m amazed at how much that little bit of onion and garlic added to it. It was straight up ponies and rainbows. The only thing I would do differently is chop the chestnuts so they can absorb more of the sauce.

As further testament to the duck, during the time it was cooling on the stove and I was frantically searching for that lost recipe, my wife had not only devoured her entire half of the bird (both sides), but was actually digging into the veg I had lined the roaster with as well. I didn’t even get a shot at the fond, and forget deglazing. There was a clean line down half the roaster … in minutes. Granted, it was super late at night, but my god, that duck just really turned out great.

And this was for my first duck. I didn’t have a scooby on roasting duck, having done my first turkey ever at Mother’s for Thanksgiving, but I think I’m getting the hang of it. This cooking thing just keeps getting easier and easier, and all with a roaster that probably cost ten dollars 15 years ago, and a knife that probably wouldn’t fetch a single dollar at a yard sale. The carcass is already in the freezer (duck stock … mmm) and what little remains of the dinner is tucked away in the fridge. I stored it all in one container so the duck can absorb the plum sauce. I think I’ll review it all tomorrow by:

a) touching up the sauce with a little more of the fire and dandy, and plum juice. There won’t be much left for the prunes and chestnuts.
b) frying the duck in a separate pan to crisp it again, possibly in butter, then
c) letting the duck cook *in* the sauce a bit

Expensive fashionware be damned, I roasted me a duck on the cheap and it was right robin.