Wednesday, September 26, 2007

User of Ebay Forums Posted Credit Card Information

Someone posted large amounts of credit card information belonging to eBay users. The extent of the damage is still being assessed, and eBay has removed the forums from public view. Someone also posted a YouTube video showing the posts before the forums were taken offline.

Ubuntu for Windows Users

Found a great article with the goal of getting people who are hooked on Microsoft Office products moved into production on Ubuntu - the easy-to-install-and-run Linux. Great job Eric!

Recycle / Repurpose Old Hardware

A great way to save money on hardware is to recycle/repurpose it for other uses. Lifehacker put together a nice collection, top 10 in fact, of ways to accomplish this.

Personally I repurposed an old box as a personal webserver and am quite happy with it.

Tuesday, September 25, 2007

Network Security Podcast Available: Episode 78

Network Security Podcast Episode 78 is available. This podcast includes the following topics:

# Rich's blog entry on TD Ameritrade
# Hacking Sermo.com, the social network for doctors parts 1 & 2
# Brian Krebs: Is Cyber crime really the FBI's #3 priority?
# PCI Extends its reach to application security
# Tonight's music: Dragons by The Switch

This podcast also includes: a personal lesson in why to neuter cats, Martin gets a job - Yeah Martin! - and not too far from my location. I've driven there to ski as well as attend events and training.

Halo 3's impact on the security world - mainly a notable pause in the world's hacking activity due to Halo 3's release.

Home network ideas.

Rich and Martin were also kind enough to respond to my query about blogging using your real name. Thanks Guys!

TD Ameritrade criticism.

A segue into privacy and the Security Round Table discussion.

Cybercrime is 3rd on top 10 priority list and not getting a matching budget.

Welcome to the C-level (formerly "talking to the suits"), speaking in terms of making security priorities business priorities. I'm starting to like this segment a lot.

Production quality was excellent as always.

Security Round Table Podcast Available

The next Security Round Table Podcast addresses privacy. Tune in by downloading the mp3 or iTunes.

SC Magazine Podcast Available: TD Ameritrade Commentary

SC Magazine online editor Frank Washkuch interviews Rich Sutton, director at 8e6 Labs, about the TD Ameritrade data breach and what we should do about it.

I enjoyed the reasoning and conjecture on just how such a breach was accomplished. Their conclusion: an insider. After listening to the podcast, I'd have to agree.

It was suggested in this podcast that one could present this as a case in presentations or proposals for security budgets - an interesting short segue given my question just recently posted to Rich Mogull on Martin McKeay's Network Security Podcast.

The production quality of this podcast is par for SC Magazine's usual - wheezy microphone at 100 yards?

Monday, September 24, 2007

Getting Things Done (GTD) System Inventor Speaks Publicly in a Short video

David Allen, inventor of Getting Things Done (GTD) - a system for managing time and tasks (stuff) that I use personally - gives us a <5 minute preview of what it is all about.

Check the video out, then do your research. Many have taken his system and altered it to suit their needs - which is encouraged.

Full Video

Wednesday, September 19, 2007

Podcast Available from Network Security

Martin McKeay's new Podcast for this week is available.

Both Martin and Rich Mogull, now a permanent fixture in the tag team, get a little wordy (and they know it), but they do make a good team and I enjoy the balance. It might be slightly better for a good co-host to have divergent opinions. These two are in too much agreement. :)

Naturally they did an awesome job responding to my query regarding proving ROI with calculated risk. Excellent points! Thanks guys!

Good review of the news:

The Ameritrade Disclosure, 6 million customers hit with spam, and their opinions as to its disclosure - was it preemptive?

Introducing Security Mike's Guide to Internet Security - a man with the heart of a teacher. Well in line with the mission of this blog, to provide the means for inexpensive security practices.

Rich's FileVault problems - I am nearly a Mac convert - co-workers have long said I should take the plunge. This story is not good news for me. :( But, this may not stop my attempt to go Mac some day.

The Tor madness seems to me the risk you accept when running something that allows others to take advantage of you. You won't find me running a tor server, nor using it. Although Rich's idea of using it to do security research intrigued me for a time. I doubt I ever will. What would someone uncover about me? The fact that I do security research? duh.

Divorce + Technology = bad? Naturally, divorce + anything = bad! I have to go with Dave Ramsey's, friend I forget his name, who says that divorce turns marriage into a 'business transaction,' but I would add the word hostile to 'business transaction.'

I hope the Denver trip works out well for Martin, that isn't but a short drive from here - one I have made a few times. I enjoy Denver every time I go whether it is skiing or a business meeting. I would consider working (skiing) there myself. :)

Production quality on this podcast was the best yet - even far off Rich sounded great.

Tuesday, September 18, 2007

SC Magazine Podcast Available: Businesses face a new threat from employee Skype use

SC Magazine's latest podcast is available for download. This week is an interview with Irwin Lazar, principal analyst and program director for collaboration and convergence at Nemertes Research. They speak about the recent Skype worm and whether this is a real threat to the enterprise because of Skype use on the campus. Do malware writers seek to exploit companies whose employees use the Instant Messaging (IM) or Voice over IP (VoIP) application? Naturally they will try anything, but is this an indication of things to come?

Includes an honest opinion of Skype and its future both in the enterprise and home use.

Wednesday, September 12, 2007

Network Security Podcast Available For This Week

Martin McKeay, now with permanent(?) co-host Rich Mogull, has completed this week's volume of the Network Security Podcast.

This week's line up includes: fighting viruses with your USB drive - keeping a tool in your pocket for those emergency uses of public (assumed infected) computers; customizing Google to force Gmail to use SSL at all times; the Indian government forcing public computers to install keyloggers (feel free to cringe on that one); a nice intro to Data Loss (Leak) Prevention tools and techniques; and a new segment on interfacing with the business people (suits) regarding Return on Investment (ROI). While I don't agree 100% on everything, I enjoy hearing what others in the industry have to say on these matters.

A great episode with some nice commentary.

I'll hold my opinion on the new tag team for a few more episodes - let's see how well it works.

ROI for network security is more tangible than Rich and Martin suggest. We need look no further than the billions paid for data leaks in the news. Crunching this down to dollars is more granular than a SWAG by converting it to risk. Suits 'usually' understand risk. I actually enjoy the deer in the headlights look you get when you mention the compromises and data leaks in the media.

The production quality of this episode is par for Martin's earlier podcasts. Although Rich is obviously via phone of some sort (Skype?), the production quality is excellent as always.

Monday, September 10, 2007

Podcast Available: Bank of India Website Hacked

SC Magazine's Podcast Available

Bank of India's Website was hacked. What does this mean for the rest of the world?

Sunbelt Software CEO Alex Eckelberry talks about how it may have been accomplished and what we can learn from this. The Russian Business Network (RBN) - a hacking gang - seems to be the culprit.

Editor's Note: This podcast's production quality is highly improved from previous SC Magazine podcasts. I also don't care for his negative viewpoint of educational institutions (poorly coded, open source and unpatched systems) as if financial institutions would never have such problems. Such a discussion is beyond the scope of this presentation unless they can prove this hack resulted from such a location.

Friday, September 7, 2007

Twitter - What Are The Security Implications?

Twitter.com is a site born out of the social networking phenomenon that allows you to waste even more time updating everyone else about your favorite subject: you. How? It lets everyone who 'follows' you know what you are doing. You send a text message to a special number, and the 'followers' get that update. Naturally it has the same purpose as all other social networking sites: to keep in touch with others.

Stalking is the first security problem that comes to my mind. "Who 'follows' my 16 year old?" - any sane father's first question.

Other nefarious purposes come to mind: drug dealers broadcasting out their locations for their clients. You can easily expand this to other avenues of criminal activity: pornography, scamming, even scalping tickets.

AOL Changes Their Free Anti-Virus Software

If you have an AOL email address and need anti-virus, anti-spyware or firewall software, download the free suite from AOL. I'd appreciate a review from someone who used their older version so they can say what has changed in the new suite.

Thursday, September 6, 2007

Network Security Podcast Available:

A new podcast is available from Martin McKeay. Details include point of sale (POS) vulnerabilities and the CISSP exam - does it work? Comparing CISSP and GSEC certifications. And more from Winn Schwartau and InfowarCon 2007.

SC Magazine Podcast Available: How an all-volunteer security organization helps to keep the bad guys in check

New Podcast Available: Frank Washkuch, online editor and reporter, sits down with Andre DiMino, co-founder and director of the Shadowserver Foundation. Andre talks about fresh intelligence his all-volunteer group has gathered on botnets and other recent attack trends.

See the Shadowserver Foundation for more information on this foundation and their volunteer work.

Wednesday, September 5, 2007

Moving From Windows to Linux - Things to Consider

Considering moving from Windows to Linux for a desktop/laptop operating environment? A Computerworld article makes some suggestions.

Saturday, September 1, 2007

Do Websites Need a Publicist?

When Princess Diana stepped out of any building she was overwhelmed with paparazzi - hot-headed opportunists searching for any scrap of data to publish with the goal of making a buck (or less). From the celebrities' point of view, some media coverage is welcome and planned, but other coverage is not. According to Wikipedia.org, publicists are hired to provide the bridge between media and celebrities.
It occurs to me that this is much like setting up a public website. If you set up a website (or any computer) on any public network, such as the Internet, you have only minutes to wait until your system is inundated with unwanted traffic - often drones belonging to script kiddies. Some traffic is welcome, such as that from search engines or similar indexing services, while the unwanted drones poke away at every nook and cranny of every file on your site for any scrap of useful information and/or exploitable vulnerability.
Do our websites, servers or any computer we set up require publicists? Could we see this as a new service emerging on the hosting market?
Along with that domain name, will hosting services (agents) provide publicity (search engine submission) for your website (celebrity) while fending off the annoyance of paparazzi (spam)?
Given the pattern of the times is to copy and proliferate to the maximum the market will bear, some see even publicists as a plague.
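The "welcome indexers versus unwanted drones" split above is something a site owner can actually measure in the web server's access log. The script below is an added example, not code from this blog or from any hosting service: it parses Apache/nginx combined-format log lines and labels each client as an indexer, a scanner, or an ordinary visitor. The log lines are constructed (documentation IP ranges, made-up paths), and the crawler names, probe-path list and thresholds are my own assumptions, not a published rule set.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format as written by Apache and nginx by default.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# User-agent substrings of indexers we are willing to treat as "welcome" (assumed list).
# Caveat: the User-Agent header is client-controlled, so a drone can claim to be
# Googlebot. In production, confirm the claim with forward-confirmed reverse DNS
# (the large search engines publish their crawler hostnames); that lookup is
# left out here so the example runs offline.
KNOWN_CRAWLER_UAS = ("Googlebot", "bingbot", "Slurp")

# Paths a real visitor of *this* site has no reason to request (assumed for the
# example). A client walking several of them is probing for software the site
# does not run - the "every nook and cranny" behaviour from the post.
PROBE_HINTS = ("/phpmyadmin", "/wp-", "/admin", "/cgi-bin", "/.env", "/xmlrpc.php")

# Constructed sample log: one crawler, one probing drone, one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2007:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.5 - - [01/Sep/2007:10:00:02 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.5 - - [01/Sep/2007:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [01/Sep/2007:10:05:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "Mozilla/4.0"
198.51.100.7 - - [01/Sep/2007:10:05:00 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/4.0"
198.51.100.7 - - [01/Sep/2007:10:05:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "Mozilla/4.0"
198.51.100.7 - - [01/Sep/2007:10:05:01 +0000] "GET /wp-login.php HTTP/1.1" 404 210 "-" "Mozilla/4.0"
192.0.2.9 - - [01/Sep/2007:10:10:00 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
192.0.2.9 - - [01/Sep/2007:10:10:20 +0000] "GET /missing.html HTTP/1.1" 404 210 "http://example.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
192.0.2.9 - - [01/Sep/2007:10:11:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "http://example.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def max_burst(times, window_seconds):
    """Largest number of (sorted) timestamps that fall inside any window_seconds span."""
    best, start = 0, 0
    for end in range(len(times)):
        while (times[end] - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def classify_clients(lines, probe_threshold=3, window_seconds=60):
    """Group log lines by client IP and label each one.

    "scanner": at least probe_threshold suspicious requests (404 or probe path)
               inside window_seconds - a drone trying doors, not a lost visitor.
    "indexer": claims a known crawler UA *and* asked for /robots.txt, and did not
               trip the scanner rule. Still only a claim until reverse DNS confirms it.
    "visitor": everything else, including a human who hit a single dead link.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    result = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        suspicious = [r["ts"] for r in recs
                      if r["status"] == 404 or r["path"].lower().startswith(PROBE_HINTS)]
        burst = max_burst(suspicious, window_seconds)
        fetched_robots = any(r["path"] == "/robots.txt" for r in recs)
        claims_crawler = any(k in r["ua"] for r in recs for k in KNOWN_CRAWLER_UAS)
        if burst >= probe_threshold:
            label = "scanner"
        elif claims_crawler and fetched_robots:
            label = "indexer"
        else:
            label = "visitor"
        result[ip] = {"label": label, "requests": len(recs),
                      "suspicious": len(suspicious), "burst": burst}
    return result


if __name__ == "__main__":
    for ip, info in classify_clients(SAMPLE_LOG.splitlines()).items():
        print(f"{ip:15} {info['label']:8} requests={info['requests']} "
              f"suspicious={info['suspicious']} burst={info['burst']}")
```

The useful part for the "publicist" question is the split between the second and third rules: a single 404 from a browser with a referer is the ordinary visitor who followed a stale link, while four 404s against unrelated admin paths inside one second is the drone. Feeding the scanner list into a firewall or rate limiter is the cheap, inexpensive-security version of hiring someone to hold the paparazzi at the door.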