ClearNet Security

For a quick wireless project I grabbed the Ubiquiti SuperRange Cardbus (300mW 802.11 a/b/g), downloaded the latest BackTrack ISO, plugged in the card and booted the CD on an old Inspiron 8100 laptop.

Everything worked perfectly on the first try and I was a little surprised to find 40+ networks via Kismet in my residential neighborhood.  If you’re into the wireless stuff, this combination worked great for me and I recommend the Ubiquiti with external antenna.

I just finished a workshop covering the use of Data Stream Analysis. Its necessity is driven by the need to analyze massive volumes of data (e.g. system and network events) in near real time – essential given how fast you will hit your head on the insertion rate ceiling using standard relational databases.

Off the shelf DBs (PostgreSQL, MySQL, Oracle, etc.) are unable to simultaneously commit thousands of events per second while performing complex queries. To have a chance of analyzing events in reasonable amounts of time you must analyze the incoming streams of data before inserting the data into a database.

I ran into this scenario last year building a central log server using off the shelf components. Even a few dozen servers can stream events fast enough where you realize pretty quickly all the typical open source based how-to’s on building a system that can store, correlate, and alert are inadequate. Data stream processing is required when things get big.

I've been too busy doing other things the last few months to post much. I haven't seen this issue really addressed anywhere but it's mentioned from time to time. It's kind of a quick rationalization and it definitely has some appeal to some form of logic.

At a glance, it makes logical sense. The difference between the best engineers and the worst isn't that great (in the grand scheme of things) and the top products are usually built by good ones that all tend to kind of converge to the same quality level. So if the engineers are about the same quality then the output should have roughly the same number of defects provided that they are using similar technologies and tools. Further, the more popular product will have more eyes looking at it and so more problems will be found.

The popular context for this would be Windows vs. OS X. Is OS X any more secure than Windows? Or is it just attacked less often? Well what about OpenBSD, if it was as popular as Linux would it have the same number of security problems? I tend not to think so.