xsltproc map2.xsl asia.xml

given the input from the Asia attack  graph produces:

30-06-2009 05:00:17 GMT,RU,Russia,15387,green
30-06-2009 05:00:17 GMT,TR,Turkey,7137,green
30-06-2009 05:00:17 GMT,CN,China,2468,green
30-06-2009 05:00:17 GMT,MY,Malaysia,4158,green
30-06-2009 05:00:17 GMT,IN,India,2631,green
30-06-2009 05:00:17 GMT,TH,Thailand,1823,green

While not the most elegant code, its gets done what I need, and is easily extensible enough to be able to  transform to other formats suitable for DB import. I’ll need to monitor data over the next couple of days to get an idea as to how the counters used are actually operating. Once that has been established I can star doing some meaningful comparisons.

After some hunting, I narrowed the culprit down to the Nvida graphics drivers post version 169.39. Driver Release 175.16 was the first to show the issue, 175.19 made it worse.

My solution at the time roll back 169.19 and sacrifice some of the support for my CUDA enabled cards.  Last week I took the plunge and went for 178.13, which while resolving some other issues still broke the Remote desktop functionality.

The solution appears to be a tweek is needed in ones registry.

1. Start, Run, type regedit and press OK
2. Navigate to the Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
3. Right click in the Details pane and Select New –> DWORD Value
4. Name it  SessionImageSize
5. After it is created, double click on it and change its value to: 20 ( this is based on recommendations from here) and effectively maps to raising the session memory to 32 MB.
6. Save and Reboot

I tried this and no luck.  For my particular configuration SLI motherboards with Running 3 heads ofa 7600GT and 7300GS, I needed to raise the SessionImageSize value to 41 implying the use of 64MB of memory.  I’m not sure if this is due to the large amount of ram in the system ( 4gigs) or the particular use of two non SLI’d cards. the ‘default’ value of 20 seems to have solved the problem on my other Intel based system running a single  8500GT.

Microsoft take on the issue  is contained in KB886212 which proposes the solution of try another driver or rollback the driver.

Searching for “SessionImageSize” in the Microsoft knowledge base doesn’t seem to help either

Its worth nothign that the problem is occuring across different chipsets, Graphics cards, and on both SP2 and SP3 systems. The fix of increating the SessionImageSize to 0×41 seems to be working fine on a Windows Server 2003 (SP2) system as well.

Installation was simple, with registration required in order to obtain two APi keys for use with the service. What interesting about this solution is that rather than just mutating words, a two phrase system is sued. One of the phrases is a known word, and th eother is a word that is taken form a ocr scan of the NYT or Internet Archive, ans has not been correctly identified by the ocr software. Thus there is a bit of community mindedness involved as well, as these words are interpreted. More on the gory details can be found here.

What does interest me tho is that this will not offer any protection from ‘pingback’ spam whihc is being submitted via the xmlrpc interface, but should still at another layer to the security onion.

For the impatient some instructions are available for getting started. Now to work out what else to order form amazon so that the 40USD specail shipment fee hurts a little less ( thanks to our totally criminal and incompetent post office in South Africa)

Failing that its time to wait till the local places get round to stocking it.

Of all the tools release its DAVIX, that makes me happiest, other than it being a relaly slick Compilation of VizSec tools, it also features InetVis, which is a part of the postgraduate research by one of my students (Jean-Pierre van Riel), which I previously posted about.

iKat is the other tool that tickles my fancy.

There are some interesting setf odf Defcon Photos floating around such as these by sits, who has also made available a zip of the of the Defcon 16 CD contents.An 732MB ISO  version is also available that at least has checksums.

I see some fun times ahead!

The screenshots provided show the functionality quite nicely. To round it off, its a tiny 3MB download, installing to just over 8MB.  The actual burning is handled by the well established CDRtools libraries, but the frontend makes it a much more pleasurable experience, than having to fiddle with command line arguments.

The impact its having on mirrors seems to be quite intense. The following two images sow traffic stats from mirror.ac.za the mirror service run by TENET here in South Africa.

Update:

A Firefox 3.0 download counter is now available. 943806 currently averaging some 7000/minute. Some commentary on the outages, although they seem to have cleared.

This Aside, I think the upgrade is well worth it , and I’ve been more than happy since Beta2 when I move my primary system over to running 3.0. The biggest improvements being rendering when switching between tabs ( and I usually have LOTS of tabs) and memory usage.

Tomorrow regular programming resumes ;)

Jan Monsch and Raffael Marty and have prepared the second beta version of DAVIX. And are now seeking for beta testers that have the time to test DAVIX and answer the questionnaire that comes along with the beta version. All completely filled out questionnaires received by me until Monday 23 June 2008 18:00 UTC will enter a raffle for one autographed copy of Raffy’s upcoming book “Applied Security Visualization”.

If you want to participate in the beta test please contact: jan.monsch ät iplosion.com

What makes me quite happy is that they have included InetVis as one of their four chosen visual analysis tools on the live CD.

I’ve been paying with this since this morning and so far so good.

Apache’s mod_rewrite seems to be the obvious candidate for making this as transparent as possible. In essence what needed to happen was incoming requests for:

"GET /blog/?flav=rss&category=Security HTTP/1.0" and
"GET /blog/?flav=rss HTTP/1.0" respectively need to be converted into:


http://lair.moria.org/blog/archives/category/security/feed

and

http://lair.moria.org/blog/feed respectively

This was achieved matching on the QUERY_STRING variable within apache. The real trick came trying to get the new URLS to appear clean. This proved to be more difficult than I expected. My initial rewrite rules resulted int he following:

"GET /blog/?flav=rss HTTP/1.0" 301 249 "
"GET /blog/feed/?flav=rss HTTP/1.0" 200 54274 ""

The agent was directed to the right url but it still looks ugly. Note the use of a HTTP/301 status code indicating permanently moved rather than a 302 which mod_redirect usually provides. The solution to the appending of the query string turned out to be to force my own null string onto the redirect. The Apache Wiki was where I finally found the right answer. so the way to remove a QUERY_STRING is to append a blank string “?” to the redirect .

The final setup in my .htaccess for WordPress looks as follows:

RewriteCond %{QUERY_STRING} ^flav=rss$ [NC]
RewriteRule ^$ http://lair.moria.org/blog/feed? [R=301,L]
RewriteCond %{QUERY_STRING} ^flav=rss&(category)=Security$ [NC]
RewriteRule ^$ http://lair.moria.org/blog/archives/category/security/feed? [R=301,L]
RewriteCond %{QUERY_STRING} ^flav=atom$ [NC]
RewriteRule ^$ http://lair.moria.org/blog/feed/atom? [R=301,L]