DK 'Log


Feb 2009

Upcoming Installer testing version
Sat, 28 Feb 2009

I'm proud to announce the availability of the first public testing release of the upcoming installer. We're in final stages of testing now, and tho there are still known issues it's time to get community feedback on it. Many many thanks to anybody willing to help test this iso. Please keep in mind that it's a testing version, not intended for production. We can't even ensure that at the end of the testing period there will be a seamless upgrade into the stable distribution ;-)

First a quick note on versioning. The new installer will have two versions, one for each architecture:

  • Installer 1.2: amd64 (that is, most of the 64bit capable processors out there, including Xeons).
  • Installer 1.1: i386 (old 32bit).

    Our intention, right now, is to maintain 1.1 as long as needed and focus on 1.2 (64bit). Functionality will be exactly the same on both (if it doesn't involve too much work, since we've got limited resources; Jasper/Tomcat integration, for example, will be limited to 1.2), but our development platform is entirely 64bit based due to performance reasons, so there might be a slight delay.
    We're not excluding anyone tho: we're going to maintain updates for 32bit while there is a large enough user base on it, and 32bit users can test the 64bit version on vmware without problems.

    The installer testing version can be found at http://data.alienvault.com/ossim-installer_1.2.beta1.iso. Next I'll list how to install it (along with update guidelines), known issues right now (and how to report new ones) and a short list of some of the stuff included in this release.


    Download it

    Highlighting the download: http://data.alienvault.com/ossim-installer_1.2.beta1.iso.


    Installing it

    Grab the iso, install it. After installation, in order to get a clean testing and updating environment (we're working on solving this right now) issue an:

    apt-get remove ossim-cd-setup
    
    This will erase the monstrous package we used before, leaving the files tho (since they're uncompressed from within a .tgz). More on this later.
    After this:
    apt-get update; apt-get upgrade
    
    You might get an innocuous gpg error; I'm working on getting the packages gpg signed, thanks Jonathan for the script when it arrives :-))


    Bugtracking/reporting

    We did set up a specific forum for this. Please post any discovered bugs in there, and please check the rest of the 1.2 forum in case somebody might have reported the issue before.
    Before reporting a bug please issue an "apt-get update; apt-get upgrade", your bug might have been fixed.


    Known issues

    There are several issues that I'm aware of right now, which I'm working on:

    • Jasperserver password change might break jasperserver.
    • SEM doesn't work out of the box (haven't committed the code to the cvs yet).
    • /home/ossim/dist/ doesn't get cleaned up.
    • Creating new tabs breaks existing tabs at executive panel.
    • Memory issues (adding tomcat to the mix didn't help the already large memory requirements)
    • Passwords don't get changed / adapted for everything.
    • the reconfig bug when passwords contain "&, ', ; or \"" is still present.
    • repository is missing gpg signatures


    Feature highlight

    There are many things we'll be proud of in this new release, just to name a few (all of them will be provided before the final release via updates):

    1. Completely new forensics console. Based on ACID and BASE we decided to incorporate the code into our own cvs; we just have too many specific needs and need to cover them. Check out the following screenshots:
      • standard alert view
      • event trend
    2. Disk based event storage (a.k.a. SEM) (will be updating a screenshot asap)
    3. Interactive risk maps (seen them before)
    4. Reporting plugins using JasperServer. This will be a major breakthrough, allowing for easy to share reporting plugins, scheduled reports, auto-emailing of reports and much more.
    5. Shellcode interpretation plugin for forensics.
    6. OSSEC 2.0
    7. Many new plugins.
    8. Updated directives, cross correlation and inventory correlation tables.
    9. Complete debian package based update/upgrade mechanism, including offline updates. No more custom ossim-updates.
    10. Many more...

    We want this release to be as good as possible, and your feedback is crucial for that. Please download it, throw it into a VM, make your evil tests and report back on the forum thread mentioned above.

    Enjoy.

    posted at: 16:41 | path: /ossim | permanent link to this entry | 0 comments |
    Tags: alpha, beta, installer, ossim, 1.2, amd64



    A fairy tale about bank robbery - A robbery with a happy ending
    Sat, 28 Feb 2009

    This is a short description of what happened to my girlfriend at a bank recently. It's not about millions, it's a short sum of money, but the way the bank tried to steal it from us is outrageous. I'll write it (exceptionally) in Spanish, since it's happened here in Madrid at a "Banco Santander" office. I'll write a short sum up in English at the end :-)
    This is no rant. I'm complaining about bank abuse and I've got no newspaper or anything similar where I can publish it.


    What happened

    This is the unadorned account of how Banco Santander recently tried to rob my girlfriend of everything she had deposited in the bank. As I already said in English, this is not a tantrum; I want to report a robbery but I have no better place to do it.
    On to the story...

    Six months ago we opened an account for her mother, who lives abroad, to collect her pension. To celebrate this memorable event, we deposited 50 euros into the account to welcome her mother.
    Great timing....

    Six months later, after finding out about international transfer fees, it turns out that it isn't worth it at all to have the pension paid in Spain and transfer it to her; better to pay the "revolutionary tax" of the destination country directly. So we decided to close the account and use those 50 euros to buy clothes for her nephew (my girlfriend's), who is going through a "complex" family phase.
    We requested the cancellation and... oh surprise, we have to pay 8 euros and some cents to be able to cancel the account, having already lost the 50, of course.
    The kind teller explains it to us: annual settlement, 27 and something. Card issuance fees (for a card we never received or used), 12 euros. Cancellation fees, 17 euros. Total: we owe 8 euros to a bank that has held 50 euros of ours for 6 months without giving us anything in return.

    Here there should now come a long list of bitter complaints about the financial system, the banks, and the politics of shabbiness and pettiness that currently dominate our society, but let's leave it there.
    After consulting with the branch manager, the kind teller decided to return the full amount to us given how outrageous and absurd the situation was, so in the end the experience was positive after all. My deepest respect for this act of humanity, as well as my deepest contempt for those who support and promote this kind of covert scam. No wonder Santander made a profit of 8876 million in 2008.


    English synopsis

    Long story short. We opened an account (at the Banco Santander) six months ago, entered 50 euros, wanted to cancel it last week after not having used it because international transfer fees were way too high on this bank and, to our immense surprise, not only had we lost the 50 euros but we were supposed to pay an additional 8 euros to cancel the account. They charged us 27 euros of yearly maintenance, 12 euros for a credit card we never received nor used and another 17 as cancellation fees. The story had a happy ending tho: the nice people at the bank decided on their own to give us our 50 euros back without charging us anything, nice move :-). Aaah, and as a side note, this bank had a net benefit of 8876 million last year.

    posted at: 13:47 | path: /personal | permanent link to this entry | 1 comments |
    Tags: bank, santander



    OSSEC 2.0 going public...
    Fri, 27 Feb 2009

    Cheering at Daniel & co. for their ossec 2.0 release.
    I'm actually very excited about this new release (agentless monitoring being my favourite) and the moment is perfect: I'll put this into the installer beta right away and make it available along ossim asap.

    Congratulations :-)

    posted at: 20:53 | path: /friends | permanent link to this entry | 0 comments |
    Tags: ossec



    Upcoming events
    Thu, 19 Feb 2009

    Just a quick note on some events we plan to attend this year as expositors/talkers. I personally won't be in any of these but if you are going to attend, don't hesitate and say hello to our people there.


    As AlienVault

    The following events are commercial ones, so expect some spam and similar stuff ;-)

    Next week we'll have a stand at the Mexican EXPOCOMM, provided by the "Camara de Comercio e Industria de Madrid". Stand will be 906-I in the Spanish pavilion.

    Besides this some speeches will be held at an event organized by a Spanish security magazine called SiC.


    As OSSIM

    Sadly we missed the OpenSource meets Business expo, but we plan to give a quick hands-on lab at the OSCON later this year. Hopefully our ideas will get accepted into the schedule. It's Santiago btw who'll go if it comes to it, that way he'll be able to update his blog too :P

    posted at: 11:26 | path: /ossim | permanent link to this entry | 0 comments |
    Tags: events



    Dominique Karg