February 18, 2006

AfterGlow 2.0

Category: Uncategorized — Raffael Marty @ 12:31 pm

I am on my way to EuSecWest 2006 in London. The big news is that I will be releasing AfterGlow 2.0. It’s a complete rewrite (really a new version) that supports the generation of TreeMaps, if you feed it a CSV file. For now Version 1.1.6 of AfterGlow will be kept concurrent to the 2.0 release. Version 3.0 will combine the capabilities of the two so that the Java version is going to be able to output not just TreeMaps, but also LinkGraphs.

Information Security Products of the Year 2006

Category: Uncategorized — Raffael Marty @ 12:30 pm

I guess the Information Security magazine can look into the future. They already have their product awards out for the year 2006. Reading through the different categories, I found some really strange awards. Not that I am well versed in any of the categories they awarded, but some of the choices strike me as strange: For example, in the intrusion detection category, gold went to the eTrust IDS, silver to Symantec’s Intruder Alert and bronze to the ISS RealSecure Network Sensor. I never even heard of the eTrust IDS. You know what? They have one category for HIDS and NIDS. Does that make sense? Strange. I don’t get it. And again, I never heard of the eTrust IDS. And why is SourceFire or Enterasys or NFR or any of the traditional IDSs not in the list? Have you read the latest NSS report on IDSs? Why do these awards not at all match up with that report?

Then in the vulnerability scanner category, Foundstone won gold, Symantec won silver and ISS won bronze. What’s up with that? Symantec has a silver-style product for vulnerability scanning? Where is Qualys? Where is nCircle? Well, I am confused.

January 28, 2006

GTK2 and Perl and Treemaps

Category: Uncategorized — Raffael Marty @ 3:35 pm

I am frustrated. I found these Perl libraries to build treemaps (Treemap::Squarified). The problem is that it needs this special input format, which is either an XML tree or you can hack it into the internal Perl data structure, which is basically a bunch of arrays. Once I figured out the internal data structure (I was too lazy to go through XML), it got worse. You need to do everything yourself. The library does not even take care of sizing the pieces for you. You need to make sure that the numbers along the hierarchy are all correct and add up. But that’s not all. After playing with that for a while (basically my problem was to convert CSV to a tree; no, I did not finish implementing it), I got into GTK2 coding. Well, that’s a mess too. Hardly anything documented. I just wanted to show some pictures in a window. Easy? No! I wanted to resize them to fit two arbitrary images into one window. Resize? I could not quite figure out how to have pixbufs and Gtk2 and all that interact. So I gave up…
Back to a language that I know a bit better: Java. Starting over…

December 20, 2005

RAID 2006

Category: Uncategorized — Raffael Marty @ 1:41 am

The RAID (Recent Advances in Intrusion Detection) conference next year will be held in Hamburg. I will be on the program committee for the conference.
Make sure you submit a paper and attend the con!

December 6, 2005

Scapy

Category: Uncategorized — Raffael Marty @ 11:32 pm

I guess by now everyone knows Scapy. At this point this is more a way for me to remember this tool.

Scapy is an interactive packet manipulation program written in Python.

December 4, 2005

Credit Card Numbers on Receipts

Category: Uncategorized — Raffael Marty @ 7:25 pm

Have you ever noticed that some restaurants or retail stores put the entire freaking credit card number on the receipt? I got quite upset and found this very interesting California Civil Code, number 1747.9, stating that there shall not be more than 5 numbers on the receipt. I will start complaining. You should too!