Skip to main content

Posts

Showing posts with the label taming

Taming the NSRL Hash DB Beast

Taming the NSRL Hash DB Beast Background Ive been trying to extend Sleuthkit in a variety of ways, such as by adding a table to the Sleuthit databese to capture file/mime types and improve strings extraction over that of the traditional blkls | strings > file variety.  I came to the realization that elimination of files through hashing could speed these processes.  This is not a new concept to me or anyone else in data forensics, but I do believe hash elimination is under used.  I think this is due in large part to the unwieldy size of the National Software Reference Library (NSRL) hash database. The Problem As of January 2011, The NSRL data is distributed in 4 .iso files and contains a whopping  62,294,036 file entries.  The NSRL tries to help you manage the data volume by directing you to concatenate the NRSLFile.txt files (each containing over 4.7 million rows) found in each .iso and then export only rows with unique hash values.  Such ...
Read more

Taming the Poodle in IBM Domino 9 0 1

Taming the Poodle in IBM Domino 9 0 1 Theres been a lot of talk lately about the Poodle Vulnerability and IBM have provided a rather slow and confusing response full of similarly named files across multiple web pages. Weve mostly gotten our systems sorted now but as it was a difficult process, I thought Id share some of the things Ive learned.  If nothing else, Im sure that other people could benefit from the fix lists being in the one place.  Huge thanks to the guys in the IBM Notes groups on LinkedIn who provided most of the best insights here. The poodle vulnerability isnt a new thing (its 15 years old) but recently browser vendors, particularly Mozilla (and soon Google) have have issued upgrades which block access to vulnerable sites by default. I guess that means its time to deal with it.  This is what the Firefox error message looks like. One more thing.... In case youve already dealt with poodle and you think that your system is safe because Mozilla Firefox is no l...
Read more

Taming the JMX on WebLogic Server

Taming the JMX on WebLogic Server Taming the JMX on WebLogic Server Taming the JMX on WebLogic Server Let assume couple things first: 1) I assume you have heard of Java’s JMX features and familiar what it does (expose and manage your service remotely). You ought to know that default JVM will have a Platform MBeanServer instance that you can register MBean. And you may view them using the jconsole command from the JDK. 2) As of today, I think by far the easiest way you can expose any services in your application to a JMX MBeanServer is using Spring’s exporter. You will do something like this: <bean class="org.springframework.jmx.export.MBeanExporter"> <property name="assembler"> <bean class="org.springframework.jmx.export.assembler.InterfaceBasedMBeanInfoAssembler"> <property name="managedInterfaces"> <list> <!-- Expose any java interface you like to see under JMX as MBean --> <value>myproject.ser...
Read more