JF's security (and other things) log

Thanks to PentestMonkey.net for this.

MySQL:

MSSQL:

PostgreSQL:

SELECT * FROM dblink('host=put.your.hostname.here user=someuser  dbname=somedb', 'SELECT version()') RETURNS (result TEXT);

Oracle:

Ingres:

The
following areas are interesting enough to include on this page, but I
haven't researched them for other databases:

DB2:

Informix:

set INFORMIXDIR=C:\PROGRA~1\IBM\IBMINF~1\11.50<br />set INFORMIXSERVER=testservername<br />set ONCONFIG=ONCONFIG.testservername<br />set PATH=C:\PROGRA~1\IBM\IBMINF~1\11.50\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\ibm\gsk7\bin;C:\PROGRA~1\ibm\gsk7\lib;C:\Program Files\IBM\Informix\Clien-SDK\bin;C:\Program Files\ibm\gsk7\bin;C:\Program Files\ibm\gsk7\lib<br />set CLASSPATH=C:\PROGRA~1\IBM\IBMINF~1\11.50\extend\krakatoa\krakatoa.jar;C:\PROGRA~1\IBM\IBMINF~1\11.50\xtend\krakatoa\jdbc.jar;<br />set DBTEMP=C:\PROGRA~1\IBM\IBMINF~1\11.50\infxtmp<br />set CLIENT_LOCALE=EN_US.CP1252<br />set DB_LOCALE=EN_US.8859-1<br />set SERVER_LOCALE=EN_US.CP1252<br />set DBLANG=EN_US.CP1252<br />mode con codepage select=1252<br />

Identifying on the network

From here:

Happy New Year, everyone. I hope 2010 is a healthy and meaningful one for you all. The new year is a time of new beginnings and promises to ourselves to be better in our personal and professional lives (It's also a time to visit the local shrine here in Japan). So the first presentation I point to this year is one that has a message that is important no matter who you are or what kind of work you're engaged in. In this TEDx talk below, National Geographic writer and explorer Dan Buettner shares what the world's longest-lived peoples have in common. Buettner condensed the findings into nine easy-to-remember lifestyle habits. The presentation is good in terms of content and delivery; Buettner is an engaging figure. Visually, the presentation would be even better if he ditched that typical PowerPoint template in favor of slides with a dark background that fit the feel of his other visuals. However, except for that I really like the way he effortlessly mixes in high quality images and video to augment his narrative. You are starting to see more and more people now mix in full-screen video clips (with the audio removed) with other images while they tell their stories or share their evidence.

Dan Buettner: How to live to be 100+

  
I'm not crazy about the typical PowerPoint template used in a few of the slides, but most of the time the screen was filled with full-screen images (Left) or video clips (Right) that were a good complement to the talk.

In Sum
What are the common denominators running through the different cultures they studied? If you do not have time to watch the video, I summarized them below in my own words. You can go to the Blue Zones website to get all the details.

Move Naturally
(1) You don't need a formal, rigorous exercise plan. We're talking here a change in lifestyle that is fundamentally active. We're designed to move. We've not meant to drive 100 meters in a car to pick up chips at the local store. Walk, do yard work, whatever. Do exercises/activities that you enjoy.

Have Right Outlook
(2) Slow down. When you're constantly in a hurry and stressed out, this has a negative impact on your health. Limiting negative stress is one of the healthiest things you can do for yourself.
(3) Have a clear purpose. The Japanese call it "ikigai" ???? (lit: life + value, be worth while). You must have a passion, a calling, a purpose. There's got to be a reason to get out of bed every day.

Eat Wisely
(4) Drink a little (wine) everyday.
(5) Eat mainly plant-based foods. Small amounts of meat and fish are OK.
(6) Hara Hachi Bu: Eat until 80% full. Do not eat eat until you're stuffed. (I've talked about this many time before in the context of presentation.)

Be Connected with others
(7) Put family, loved ones first.
(8) Belong to a community. Many in his study belonged to faith-based communities.
(9) Belong to the right tribe. That is, hang out with people with healthy habits, physical and emotional ones.

How to live a long, healthy life in one slide
Even nine recommendations can be hard to remember, so I simplified the advice down to five in this Keynote slide that capture the essence of the tips from Dan Buettner's good TEDx talk.


(Click on image of slide for a larger size.)

From here:

-------------------------------

Fall of 2009 marks the 20th anniversary of the start of my professional security career. That was the first day someone stuck a yellow shirt on my back and sent me into a crowd of drunk college football fans at the University of Colorado (later famous for its student riots). I'm pretty sure someone screwed up, since it was my first day on the job and I was assigned a rover position -- which normally goes to someone who knows what the f&%$ they are doing, not some 18 year old, 135-lb kid right out of high school. And yes, I was breaking up fights on my first day (the stadium wasn't dry until a few years later).

If you asked me then, I never would have guessed I'd spend the next couple decades working through the security ranks, eventually letting my teenage geek/hacker side take over. Over that time I've come to rely on the following guiding principles in everything from designing my personal security to giving advice to clients:

1. Don't expect human behavior to change. Ever.
2. You cannot survive with defense alone.
3. Not all threats are equal, and all checklists are wrong.
4. You cannot eliminate all vulnerabilities.
5. You will be breached.

There's a positive side to each of these negative principles:

1. Design security controls that account for human behavior. Study cognitive science and practical psychology to support your decisions. This is also critical for gaining support for security initiatives, not just design of individual controls.
2. Engage in intelligence and counter-threat operations to the best of your ability. Once an attack has started, your first line of security has already failed.
3. Use checklists to remember the simple stuff, but any real security must be designed using a risk-based approach. As a corollary, you can't implement risk-based security if you don't reallyunderstand the risks; and most people don't understand the risks. Be the expert.
4. Adopt anti-exploitation wherever possible. Vulnerability-driven security is always behind the threat.
5. React faster and better. Incident response is more important than any other single security control.

With one final piece of advice -- keep it simple and pragmatic.

And after 20 years, that's all I've got...

—Rich

Very interesting post from Slate magazine:

Why are we so bad at detecting the guilty and so good at collective punishment of the innocent?

I just read some VERY interesting reading, something I've noticed myself even though I'm only a new parent.

--------------------------

From here with some deleted links (just advertising for other Time.com articles):

The insanity crept up on us slowly; we just wanted what was best for our kids. We bought macrobiotic cupcakes and hypoallergenic socks, hired tutors to correct a 5-year-old's "pencil-holding deficiency," hooked up broadband connections in the treehouse but took down the swing set after the second skinned knee. We hovered over every school, playground and practice field — "helicopter parents," teachers christened us, a phenomenon that spread to parents of all ages, races and regions. Stores began marketing stove-knob covers and "Kinderkords" (also known as leashes; they allow "three full feet of freedom for both you and your child") and Baby Kneepads (as if babies don't come prepadded). The mayor of a Connecticut town agreed to chop down three hickory trees on one block after a woman worried that a stray nut might drop into her new swimming pool, where her nut-allergic grandson occasionally swam. A Texas school required parents wanting to help with the second-grade holiday party to have a background check first. Schools auctioned off the right to cut the carpool line and drop a child directly in front of the building — a spot that in other settings is known as handicapped parking.

We were so obsessed with our kids' success that parenting turned into a form of product development. Parents demanded that nursery schools offer Mandarin, since it's never too soon to prepare for the competition of a global economy. High school teachers received irate text messages from parents protesting an exam grade before class was even over; college deans described freshmen as "crispies," who arrived at college already burned out, and "teacups," who seemed ready to break at the tiniest stress.

This is what parenting had come to look like at the dawn of the 21st century — just one more extravagance, the Bubble Wrap waiting to burst.

All great rebellions are born of private acts of civil disobedience that inspire rebel bands to plot together. And so there is now a new revolution under way, one aimed at rolling back the almost comical overprotectiveness and overinvestment of moms and dads. The insurgency goes by many names — slow parenting, simplicity parenting, free-range parenting — but the message is the same: Less is more; hovering is dangerous; failure is fruitful. You really want your children to succeed? Learn when to leave them alone. When you lighten up, they'll fly higher. We're often the ones who hold them down.

A backlash against overparenting had been building for years, but now it reflects a new reality. Since the onset of the Great Recession, according to a CBS News poll, a third of parents have cut their kids' extracurricular activities. They downsized, downshifted and simplified because they had to — and often found, much to their surprise, that they liked it. When a TIME poll last spring asked how the recession had affected people's relationships with their kids, nearly four times as many people said relationships had gotten better as said they'd gotten worse. "This is one of those moments when everything is on the table, up for grabs," says Carl Honoré, whose book Under Pressure: Rescuing Our Children from the Culture of Hyper-Parenting is a gospel of the slow-parenting movement. He likens the sudden awareness to the feeling you get when you wake up after a long night carousing, the lights go on, and you realize you're a mess. "That horrible moment of self-recognition is where we are culturally. I wanted parents to realize they are not alone in thinking this is insanity, and show there's another way."

How We Got Here
Overparenting had been around long before Douglas MacArthur's mom Pinky moved with him to West Point in 1899 and took an apartment near the campus, supposedly so she could watch him with a telescope to be sure he was studying. But in the 1990s something dramatic happened, and the needle went way past the red line. From peace and prosperity, there arose fear and anxiety; crime went down, yet parents stopped letting kids out of their sight; the percentage of kids walking or biking to school dropped from 41% in 1969 to 13% in 2001. Death by injury has dropped more than 50% since 1980, yet parents lobbied to take the jungle gyms out of playgrounds, and strollers suddenly needed the warning label "Remove Child Before Folding." Among 6-to-8-year-olds, free playtime dropped 25% from 1981 to '97, and homework more than doubled. Bookstores offered Brain Foods for Kids: Over 100 Recipes to Boost Your Child's Intelligence. The state of Georgia sent every newborn home with the CD Build Your Baby's Brain Through the Power of Music, after researchers claimed to have discovered that listening to Mozart could temporarily help raise IQ scores by as many as 9 points. By the time the frenzy had reached its peak, colleges were installing "Hi, Mom!" webcams in common areas, and employers like Ernst & Young were creating "parent packs" for recruits to give Mom and Dad, since they were involved in negotiating salary and benefits.

Once obsessing about kids' safety and success became the norm, a kind of orthodoxy took hold, and heaven help the heretics — the ones who were brave enough to let their kids venture outside without Secret Service protection. Just ask Lenore Skenazy, who to this day, when you Google "America's Worst Mom," fills the first few pages of results — all because one day last year she let her 9-year-old son ride the New York City subway alone. A newspaper column she wrote about it somehow ignited a global firestorm over what constitutes reasonable risk. She had reporters calling from China, Israel, Australia, Malta. ("Malta! An island!" she marvels. "Who's stalking the kids there? Pirates?") Skenazy decided to fight back, arguing that we have lost our ability to assess risk. By worrying about the wrong things, we do actual damage to our children, raising them to be anxious and unadventurous or, as she puts it, "hothouse, mama-tied, danger-hallucinating joy extinguishers."

Skenazy, a Yale-educated mom who with her husband is raising two boys in New York City, had ingested all the same messages as the rest of us. Her sons' school once held a pre-field-trip assembly explaining exactly how close to a hospital the children would be at all times. She confesses to being "at least part Sikorsky," hiring a football coach for a son's birthday and handing out mouth guards as party favors. But when the Today show had her on the air to discuss her subway decision, interviewer Ann Curry turned to the camera and asked, "Is she an enlightened mom or a really bad one?"

From that day and the food fight that followed, she launched her Free Range Kids blog, which eventually turned into her own Dangerous Book for Parents: Free-Range Kids: Giving Our Children the Freedom We Had Without Going Nuts with Worry. There is no rational reason, she argues, that a generation of parents who grew up walking alone to school, riding mass transit, trick-or-treating, teeter-tottering and selling Girl Scout cookies door to door should be forbidding their kids to do the same. But somehow, she says, "10 is the new 2. We're infantilizing our kids into incompetence." She celebrates seat belts and car seats and bike helmets and all the rational advances in child safety. It's the irrational responses that make her crazy, like when Dear Abby endorses the idea, as she did in August, that each morning before their kids leave the house, parents take a picture of them. That way, if they are kidnapped, the police will have a fresh photo showing what clothes they were wearing. Once the kids make it home safe and sound, you can delete the picture and take a new one the next morning.

That advice may seem perfectly sensible to parents bombarded by heartbreaking news stories about missing little girls and the predator next door. But too many parents, says Skenazy, have the math all wrong. Refusing to vaccinate your children, as millions now threaten to do in the case of the swine flu, is statistically reckless; on the other hand, there are no reports of a child ever being poisoned by a stranger handing out tainted Halloween candy, and the odds of being kidnapped and killed by a stranger are about 1 in 1.5 million. When parents confront you with "How can you let him go to the store alone?," she suggests countering with "How can you let him visit your relatives?" (Some 80% of kids who are molested are victims of friends or relatives.) Or ride in the car with you? (More than 430,000 kids were injured in motor vehicles last year.) "I'm not saying that there is no danger in the world or that we shouldn't be prepared," she says. "But there is good and bad luck and fate and things beyond our ability to change. The way kids learn to be resourceful is by having to use their resources." Besides, she says with a smile, "a 100%-safe world is not only impossible. It's nowhere you'd want to be."

Dispatches from the Front Lines
Eleven parents are sitting in a circle in an airy, glass-walled living room in south Austin, Texas, eating organic, gluten-free, nondairy coconut ice cream. This is a Slow Family Living class, taught by perinatal psychologist Carrie Contey and Bernadette Noll. "Our whole culture," says Contey, 38, "is geared around 'Is your kid making the benchmarks?' There's this fear of 'Is my kid's head the right size?' People think there's some mythical Good Mother out there that they aren't living up to and that it's hurting their child. I just want to pull the plug on that."

The parents seem relieved to hear it. Matt, a textbook editor, reports that he and his wife quit a book club because it caused too much stress on book-club nights, and stopped fussing about how the house looks, which brings nods all around the room: let go of perfectionism in all its tyranny. Margaret, a publishing executive, tells her own near-miss story of how she stepped back from the brink of insanity. On her son's fourth birthday, she says, "I'm like 'Oh, my God, he's eligible for Suzuki!' I literally got on the phone and called 12 Suzuki teachers," she says, before realizing the nightmare she was creating for herself and her child. Shutting down your inner helicopter isn't easy. "This is not a shift in perspective that occurs overnight," Matt admits after class. "And it's not every day that I consciously sit down and ask myself hard questions about how I want family life to be slower or better."

Fear is a kind of parenting fungus: invisible, insidious, perfectly designed to decompose your peace of mind. Fear of physical danger is at least subject to rational argument; fear of failure is harder to hose down. What could be more natural than worrying that your child might be trampled by the great, scary, globally competitive world into which she will one day be launched? It is this fear that inspires parents to demand homework in preschool, produce the snazzy bilingual campaign video for the third-grader's race for class rep, continue to provide the morning wake-up call long after he's headed off to college.

Some of the hovering is driven by memory and demography. This generation of parents, born after 1964, waited longer to marry and had fewer children. Families are among the smallest in history, which means our genetic eggs are in fewer baskets and we guard them all the more zealously. Helicopter parents can be found across all income levels, all races and ethnicities, says Patricia Somers of the University of Texas at Austin, who spent more than a year studying the species at the college level. "There are even helicopter grandparents," she notes, who turn up with their elementary-school grandchildren for college-information sessions aimed at juniors and seniors.

Nor is this phenomenon limited to ZIP codes where every Volvo wagon just has to have a University of Chicago sticker on it. "I'm having exactly the same conversations with coaches, teachers, parents, counselors, whether I'm in Wichita or northern Canada or South America," says Honoré. His own revelation came while listening to the feedback about his son in kindergarten. It was fine, but nothing stellar — until he got to the art room and the teacher began raving about how creative his son was, pointing out his sketches that she'd displayed as models for other students. Then, Honoré recalls, "she dropped the G-bomb: 'He's a gifted artist,' she told us, and it was one of those moments when you don't hear anything else. I just saw the word gifted in neon with my son's name ..." So he hurried home and Googled the names of art tutors and eagerly told his son all about the special person who would help him draw even better. "He looks at me like I'm from outer space," Honoré says. "'I just wanna draw,' he tells me. 'Why do grownups have to take over everything?' "

"That was a searing epiphany," Honoré concludes. "I didn't like what I saw." He now writes and lectures about the many fruits of slowing down, citing research that suggests the brain in its relaxed state is more creative, makes more nuanced connections and is ripe for eureka moments. "With children," he argues, "they need that space not to be entertained or distracted. What boredom does is take away the noise ... and leave them with space to think deeply, invent their own game, create their own distraction. It's a useful trampoline for children to learn how to get by."

Other studies reinforce the importance of play as an essential protein in a child's emotional diet; were it not, argue some scientists, it would not have persisted across species and millenniums, perhaps as a way to practice for adulthood, to build leadership, sociability, flexibility, resilience — even as a means of literally shaping the brain and its pathways. Dr. Stuart Brown, a psychiatrist and the founder of the National Institute for Play — who has a treehouse above his office — recalls in a recent book how managers at Caltech's Jet Propulsion Laboratory (JPL) noticed the younger engineers lacked problem-solving skills, though they had top grades and test scores. Realizing the older engineers had more play experience as kids — they'd taken apart clocks, built stereos, made models — JPL eventually incorporated questions about job applicants' play backgrounds into interviews. "If you look at what produces learning and memory and well-being" in life, Brown has argued, "play is as fundamental as any other aspect.'' The American Academy of Pediatrics warns that the decrease in free playtime could carry health risks: "For some children, this hurried lifestyle is a source of stress and anxiety and may even contribute to depression." Not to mention the epidemic of childhood obesity in a generation of kids who never just go out and play.

Remember, Mistakes Are Good
Many educators have been searching for ways to tell parents when to back off. It's a tricky line to walk, since studies link parents' engagement in a child's education to better grades, higher test scores, less substance abuse and better college outcomes. Given a choice, teachers say, overinvolved parents are preferable to invisible ones. The challenge is helping parents know when they are crossing a line.

Every teacher can tell the story of a student who needed to fail in order to be reassured that the world wouldn't come to an end. Yet teachers now face a climate in which parents ghostwrite students' homework, airbrush their lab reports — then lobby like a K Street hired gun for their child to be assigned to certain classes. Principal Karen Faucher instituted a "no rescue" policy at Belinder Elementary in Prairie Village, Kans., when she noticed the front-office table covered each day with forgotten lunch boxes and notebooks, all brought in by parents. The tipping point was the day a mom rushed in with a necklace meant to complete her daughter's coordinated outfit. "I'm lucky — I deal with intelligent parents here," Faucher says. "But you saw very intelligent parents doing very stupid things. It was almost like a virus. The parents knew that was not what they intended to do, but they couldn't help themselves." A guidance counselor at a Washington prep school urges parents to find a mentor of a certain disposition. "Make friends with parents," she advises, "who don't think their kids are perfect." Or with parents who are willing to exert some peer pressure of their own: when schools debate whether to drop recess to free up more test-prep time, parents need to let a school know if they think that's a trade-off worth making.

A certain amount of hovering is understandable when it comes to young children, but many educators are concerned when it persists through middle school and high school. Some teachers talk of "Stealth Fighter Parents," who no longer hover constantly but can be counted on for a surgical strike just when the high school musical is being cast or the starting lineup chosen. And senior year is the witching hour: "I think for a lot of parents, college admissions is like their grade report on how they did as a parent," observes Madeleine Rhyneer, dean of students at Willamette University in Oregon. Many colleges have had to invent a "director of parent programs" to run regional groups so moms and dads can meet fellow college parents or attend special classes where they can learn all the school cheers. The Ithaca College website offers a checklist of advice: "Visit (but not too often)"; "Communicate (but not too often)"; "Don't worry (too much)"; "Expect change"; "Trust them."

Teresa Meyer, a former PTA president at Hickman High in Columbia, Mo., has just sent the youngest of her three daughters to college. "They made it very clear: You are not invited to the registration part where they're requesting classes. That's their job." She's come to appreciate the please-back-off vibe she's encountered. "I hope that we're getting away from the helicopter parenting," Meyer says. "Our philosophy is 'Give 'em the morals, give 'em the right start, but you've got to let them go.' They deserve to live their own lives."

What You Can Do
Among the most powerful weapons in the war against the helicopter brigade is the explosion of websites where parents can confide, confess and affirm their sense that lowering expectations is not the same as letting your children down. So you gave up trying to keep your 2-year-old from eating the dog's food? You banged your son's head on the doorway while giving him a piggyback ride? Your daughter hates school and is so scared of failure she won't even try to ride a bike? "I just want to throw in the towel and give up on her," one mom posts on Truuconfessions.com. "This is NOT what I thought I was signing up for." Honestbaby.com sells baby T-shirts that say "I'll walk when I'm good and ready." Given how many books and websites drove a generation of parents mad with anxiety, a certain balance is restored to the universe when it becomes conventional for people to brag about what bad parents they are.

The revolutionary leaders are careful about offering too much advice. Parents have gotten plenty of that, and one of the goals of this new movement is to give parents permission to disagree or at least follow different roads. "People feel there's somehow a secret formula for parenting, and if we just read enough books and spend enough money and drive ourselves hard enough, we'll find it, and all will be O.K.," Honoré observes. "Can you think of anything more sinister, since every child is so different, every family is different? Parents need to block out the sound and fury from the media and other parents, find that formula that fits your family best."

Kim John Payne, author of Simplicity Parenting, teaches seminars on how to peel back the layers of cultural pressure that weigh down families. He and his coaches will even go into your home, weed out your kids' stuff, sort out their schedule, turn off the screens and help your family find space you didn't know you had, like a master closet reorganizer for the soul. But any parent can do it just as well. "We need to quit bombarding them with choices way before their ability to handle them," Payne says. The average child has 150 toys. "When you cut the toys and clothes back ... the kids really like it." He aims for a cut of roughly 75%: he tosses out the broken toys and gives away the outgrown ones and the busy, noisy, blinking ones that do the playing for you. Pare down to the classics that leave the most to the child's imagination and create a kind of toy library kids can visit and swap from. Then build breaks of calm into their schedule so they can actually enjoy the toys.

Finally, there is the gift of humility, which parents need to offer one another. We can fuss and fret and shuttle and shelter, but in the end, what we do may not matter as much as we think. Freakonomics authors Stephen Dubner and Steven Levitt analyzed a Department of Education study tracking the progress of kids through fifth grade and found that things like how much parents read to their kids, how much TV kids watch and whether Mom works make little difference. "Frequent museum visits would seem to be no more productive than trips to the grocery store," they argued in USA Today. "By the time most parents pick up a book on parenting technique, it's too late. Many of the things that matter most were decided long ago — what kind of education a parent got, what kind of spouse he wound up with and how long they waited to have children."

If you embrace this rather humbling reality, it will be easier to follow the advice D.H. Lawrence offered back in 1918: "How to begin to educate a child. First rule: leave him alone. Second rule: leave him alone. Third rule: leave him alone. That is the whole beginning."

Of course, that was easy for him to say. He had no kids.

— With reporting by Karen Ball / Kansas City, Mo.; Alexandra Silver / New York City; and Elizabeth Dias and Sophia Yan / Washington