TJMaxx – Another lifetime ago.

Long time ago. Back in the stone ages just before Windows 95 I worked in retail loss prevention. Yup I got paid less than you can make now at McDonald’s to get threatened with weapons over shirts, pants etc at TJMaxx. After today’s news of the horrible neglect of TJMaxx in protecting it’s customers’ credit card information I have but one thing to say. Thank you Microsoft! If it were not for Windows95 coming out when it did I would have had a hard time getting back into IT and eventually a mix of IT and security.

Here is TJMaxx’s response to the issue.


Dell – Hit and Miss

Well, Dell does it right for once and on a RAM purchase. The very sort of purchase I have spoken of before and a customer advocate at Dell swore would not go badly again. I ordered 4GB of RAM for my desktop at work. Gave my rep the service tag, got a quote within 30 mins back. I had it ordered and it showed up the day I was leaving town. A good turn time from the time the order was placed. I put in the RAM today and it worked perfectly first try. Score one for Dell.

Ok win some lose some. I asked our Dell rep back before the New Year for the warranty expiration date, original purchase date and the PO# used. I made it as easy as possible by supplying the list of service tags in excel with the desired columns labeled. How long till I got it back? Try never. Even though I can manually type in each service tag on their site and look up that information they cannot seem to run a simple query and send you back the results. It’s pathetic a tech company like Dell cannot meet such a simple request for several hundred service tags. I gave up, told them to forget it. I was just trying to pull everything together to import the hardware information into our helpdesk system. SO now its in just without the warranty data.


Ah T-Mobile, let me count the ways

As if Edge wasn’t slow enough. T-Mobile is under a global outage right now according to their support center. Which ironically the person I spoke too is in the same city as me. I noticed I lost cellular coverage mid-afternoon. It’s now 9pm and they say another two hours ETA on service. She told me even the hotspots are down.

* Update 1AM 2007-01-14 – Service came back up about 20 minutes ago.  So much for the two hour ETA.


My two iPhone Thoughts

I am sure everyone on the planet on the net is writing or talking about the iPhone. So by now you know it makes every other phone out there look like a toy. So does this give the manufacturers the leverage to turn the tables on the carriers and unlock all the crippled phones out there? For example why is my super expensive Blackberry 8700G from Tmobile which is Edge like the iPhone not support Internet high speed (as much as Edge is) through the bluetooth connection? Sure it *could* but they won’t let you. And it drives me nuts. I can tell you if I need to purchase a personal cell phone instead of having one from work it would be Hell frozen over before it was T-Mobile. And how about all the crippled Motorola Razrs out there?

It will be interesting to see the industry reaction to this.

From an information security standpoint. Does it support at least SSL for the mail client or lord help all the pop3 users whose iPhone jumps on rogue wireless APs automatically and sends their credentials in the clear.


SNMPv3 and Cisco Gear

I was playing around on how to setup SNMPv3 on my Cisco gear with my cacti install.

Based on a blog entry over at Taosecurity, my Cisco Cookbook published by O’Reilly and some testing on various Cisco gear I have access to I came up with the below.
We make sure our access list is defined to allow only our SNMP polling station.
access-list 99 remark SNMP Restriction
access-list 99 permit
access-list 99 deny any log

We remove the old snmp readonly community string we were using. My cacti installed whined if I did not include the internet mib.
no snmp-server community snmpread RO 99

We setup our view and group for SNMPv3.
snmp-server view readview mib-2 included
snmp-server view readview internet included
snmp-server group readonly v3 auth read readview access 99

Next we define the SNMPv3 user.
If your IOS is 12.0 up through 12.2 you can only use the authentication not the encryption of the data packets.

snmp-server user cacti readonly v3 auth md5 AN7B4aK3wXXxtn6 access 99
you will have to answer Y for yes to the prompt
adding an snmpv3 user could cause a bootup delay,
do you wish to continue? (y/n)[confirm]

If your IOS is 12.3 and up you can should use both auth and priv
snmp-server user cacti readonly v3 auth md5 AN7B4aK3wXXxtn6 priv AN7B4aK3wXXxtn6 access 99

Now you can update your network management system such as Cacti, Solarwinds etc to use the new SNMPv3 user name and passphrase.


Freeradius and Cisco Console Access

Woo Woo.  I just got Freeradius installed on my Ubuntu laptop using apt-get.  I then moved the port to the default that Cisco gear expects.  After a bit of testing and google work I finally got it authenticating all my SSH/Console access to my 871W at home.    I will post some detailed notes later but right now doing a happy dance.  Always wanted to figure out how to setup radius.  Next comes using it with my WPA wireless vlan.