Archive for May, 2007

In Memory of Oshri Oz

Sunday, May 27th, 2007

My beloved friend,

I am writing to you a few hours after you were killed. In my head I am still thinking about yesterday, about the time our families spent together, and the things we discussed.

I am having trouble thinking about you in the past tense. I can still see you in my mind playing with your daughter, running after her, going to buy her ice cream, again, when your first choice was rejected, laughing, being here…

I know you’re gone. The pictures I saw on TV showing you on the ground when the paramedics are trying to revive you simply do not get out of my head.

They are there along with all the good memories I have about you.
I will always cherish the time we spent together.

You see my friend, you were someone special.
Someone you do not get to meet every day.
Someone that will always be 35.

I will miss you… we will all miss you.

Ofir

Pre-connect NAC – The first building block of a controlled guarded enterprise LAN

Saturday, May 19th, 2007

For those of you who are confused by the different terms, pre-connect NAC is the phase in which the identity of the device and the identity of its user are verified.

With pre-connect NAC, any device trying to access the enterprise LAN must be authorized, and the identity of the user using this device must be authenticated.

Pre-connect NAC makes it possible to deny access to rogue (non-authorized) devices and to unauthorized users.

Proving the identities of those using our infrastructure is a major piece of the overall security and control that NAC brings (just as a reminder, pre-connect NAC is usually followed by posture validation tests and post-connect capabilities).

Pre-connect NAC must also deal with devices such as printers, VoIP phones, etc., for which the identity of a user cannot be verified. Instead, parameters of the device itself are what should be verified (type of device, purpose, capabilities, etc.). These devices need to be constantly monitored so that they cannot be abused for an attack.

As demonstrated, pre-connect NAC has an important role within NAC, and its value cannot be dismissed.

An ‘A’ to Apple Support

Friday, May 18th, 2007

So, the first part of the sad story about my MacBook Pro was that although repaired, the display of the notebook still experienced issues. After allowing Apple 3 more days I decided to call the Apple store and ask for the status of my repair.

The phone call went something like this: “Sir, we are sorry but we were not able to repair your machine. We have replaced the display 3 times, experiencing the same issues… unfortunately we will have to completely replace it”.

Apple has replaced my Core Duo 1 15″ MacBook Pro with a brand new Core Duo 2 15″ MacBook Pro.

At least when it comes to support, Apple does this the right way.

The question still remains – Will the quality of the hardware be changed?

Until now the Core Duo 2-based MacBook Pro is behaving better than the old one. I hope it will last longer. Just as a reminder, this is my 3rd MacBook Pro machine (and yes, I bought only one)…

Cisco IP Phones - The next easiest venue into your NACed network?

Tuesday, May 8th, 2007

VoIP, IP Phones, and the gear from Cisco have always fascinated me. In the past I have published several advisories and papers regarding vulnerabilities and security issues I have found with the Cisco IP Phone gear.

Looking into how Cisco handles IP Phones with their NAC solutions led me to raise some interesting questions.

The IP phones identify/authenticate to Cisco NAC solutions using CDP packets. These packets can be easily spoofed. Usually a computer will be hooked to the IP Phone. The IP phone would assign one VLAN tag to traffic from the IP phone, and a different VLAN tag to the computer data. What if a hub is connected to the wall, the computer is disconnected from the IP phone and is now connected to the hub and uses the VLAN tag of the Voice VLAN? What if the computer spoofs an “authenticating” CDP packet?

Not to mention the fact that the IP phone can be disconnected and the computer may completely abuse its MAC address and its special way of authenticating.

You get the picture.
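Because the phone's CDP claim cannot be trusted on its own, the constant monitoring of userless devices called for in the pre-connect NAC post has to rest on other evidence. The following is an added example, not code from the original post or from Cisco: it audits flow records for the three abuses described above (a second device sharing the voice VLAN on one port, a phone MAC showing up elsewhere, and a "phone" generating non-phone traffic). The voice VLAN ID, the phone traffic profile, the inventory, the record format and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

VOICE_VLAN = 110  # assumed voice VLAN ID for this example
# Assumed traffic profile of a phone: (protocol, destination port)
PHONE_PROFILE = {("udp", 67), ("udp", 53), ("udp", 69), ("tcp", 2000), ("udp", 5060)}
RTP_RANGE = range(16384, 32768)  # assumed RTP media port range

def in_profile(proto, dport):
    return (proto, dport) in PHONE_PROFILE or (proto == "udp" and dport in RTP_RANGE)

def audit_voice_vlan(flows, inventory):
    """flows: dicts with port, vlan, mac, proto, dport (hypothetical format).
    inventory: phone MAC -> switch port where that phone was installed.
    Returns a sorted list of (switch_port, mac, reason) findings."""
    findings = set()
    macs_per_port = defaultdict(set)
    for f in flows:
        if f["vlan"] != VOICE_VLAN:
            continue  # only the voice VLAN is audited here
        macs_per_port[f["port"]].add(f["mac"])
        expected_port = inventory.get(f["mac"])
        if expected_port is None:
            findings.add((f["port"], f["mac"], "unknown MAC in voice VLAN"))
        elif expected_port != f["port"]:
            findings.add((f["port"], f["mac"], "phone MAC on unexpected port"))
        if not in_profile(f["proto"], f["dport"]):
            findings.add((f["port"], f["mac"], f"non-phone traffic {f['proto']}/{f['dport']}"))
    # A hub behind the wall jack shows up as several MACs in the voice VLAN.
    for port, macs in macs_per_port.items():
        if len(macs) > 1:
            for mac in macs:
                findings.add((port, mac, "multiple MACs in voice VLAN on one port"))
    return sorted(findings)

# Constructed sample data (not real capture data).
INVENTORY = {"00:11:22:aa:00:01": "Gi1/0/1", "00:11:22:aa:00:02": "Gi1/0/2"}
FLOWS = [
    {"port": "Gi1/0/1", "vlan": 110, "mac": "00:11:22:aa:00:01", "proto": "tcp", "dport": 2000},
    {"port": "Gi1/0/1", "vlan": 110, "mac": "00:11:22:aa:00:01", "proto": "udp", "dport": 17000},
    {"port": "Gi1/0/2", "vlan": 110, "mac": "00:11:22:aa:00:02", "proto": "tcp", "dport": 445},
    {"port": "Gi1/0/3", "vlan": 110, "mac": "00:11:22:aa:00:01", "proto": "udp", "dport": 5060},
    {"port": "Gi1/0/3", "vlan": 110, "mac": "de:ad:be:ef:00:09", "proto": "tcp", "dport": 22},
    {"port": "Gi1/0/3", "vlan": 20, "mac": "de:ad:be:ef:00:09", "proto": "tcp", "dport": 443},
]

if __name__ == "__main__":
    for finding in audit_voice_vlan(FLOWS, INVENTORY):
        print(*finding, sep="  ")
```

Port Gi1/0/1 carries only expected phone traffic and produces no finding; the other two ports are flagged.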

More Hardware Issues with My MacBook Pro

Tuesday, May 8th, 2007

So, my MacBook Pro had to be serviced… again! The problem this time is with the display (again) and with the optical drive (does not want to read anything anymore).

The last time I had been to an Apple store it was established that the display and the optical drive need to be replaced. Since I did not have the time to leave the computer there, I did this this weekend.

The Genius Bar dude got me into buying a Pro Care and promised everything will be fixed in 2-4 days. A day later I got the call - your machine is ready to be picked up. Happy, I went down to the Apple store. Just before saying goodbye after thanking them I decided to check what was replaced and if it satisfies me.

Oh my god! - So, Apple replaced the display, the optical drive and the board inverter. Nothing much. Except for the shell of the box nearly everything was replaced. Fine, I said. Let’s see how the new display looks. Ouch! 1/8 of the screen is darker than the rest!

So my machine is still at the Apple store, and my opinion regarding the new Intel-based hardware remains the same (bad quality). I am writing this using my old PowerBook G4 laptop.

I wonder if this would be the type of quality we should expect from the iPhone. If so, Apple is in serious trouble.