Saturday, October 27, 2007

Review: JkDefrag v3.26

It is such a joy when I find great tools out in the public domain. Recently I discovered JkDefrag v3.26 - a tool for defragging your hard disks. It comes with a command-line version as well as screen saver and GUI versions. This great program is free for the download and doesn't even contain an install program - which is great for booting from a thumb drive and running it. The screen saver version can start up a different screen saver when it completes, for those who don't want to give up a beloved other screen saver.

Friday, October 26, 2007

TSA Contractor Employee's Laptop Stolen

The personal data including social security numbers of 3,930 people are now compromised due to a Transportation Security Administration Contractor Employee's laptop being stolen.

The contractor has supplied each employee with 1 year of identity theft protection. Is this enough? Laughably, no.

Certainly the 3,930 people should be protected, but what other implications exist?

Do these thieves know the value of this information? Could the routes, dates and location of all hazardous cargo in the US be useful to others? Certainly and in more ways than just terrorism.

SC Magazine article.

Tuesday, October 23, 2007

SC Magazine Podcast Oct 23rd, 2007

The SC Magazine Podcast for this week is available. I'm trying to embed this into this post for the convenience of the readers. If this doesn't work I'll try to repost another way.

This week's topic is appropriate since I've personally noted the increase in spam and a new tactic - using voices à la sound file.

You can always subscribe to this podcast through iTunes.

You can download this particular podcast here.




Friday, October 19, 2007

Network Security Podcast Available

The latest Network Security Podcast is available.

Much on Apple's new Leopard OS - a topic near and dear to my heart since I am a new Apple convert. I recently acquired (via my employer) a MacBook and have been acclimating to the experience.

Rich presents a great overview of some of the new security features. Personally I'm looking forward to the integration of contacts with mapping (Google or Yahoo). He also comments on recent iPhone exploits.

Not listed on the show notes is Martin introducing us to the Payment Card Industry standard as an SLA.

Decent production quality. Seems Rich is on the good end this time and poor Martin is stuck in a tunnel?

Gall Bladder Issues

Looks like I will be getting my gall bladder removed Monday morning, October 22. Once I have completed the article about the experience I will submit it to my AC page.

SC Magazine Podcast Available: The year in Phishing

The latest SC Magazine Podcast is available. David Ulevitch, OpenDNS & PhishTank CEO, criticizes Internet Service Providers for allowing their customers to become victims of botnets and thereby allowing them to send out phishing emails. PhishTank provides data for locating and squashing phishing data.

Production quality is low, as is typical for SC Magazine podcasts. Popping and static are free! I feel like I'm at Sonic ordering a burger. I wish I could! :)

Tuesday, October 16, 2007

Tulsa, Oklahoma Event

Ziff Davis Media and APC Cordially Invite You to a Live Data Center Tour and Showcase Dinner

Tuesday, October 23, 2007
Tulsa, OK

EVENT DETAILS:
Check in:
5:00 PM
Tour and Discussion:
5:00 PM - 6:30 PM
Showcase Dinner:
6:30 PM

LOCATION DETAILS:
Cimarex
15 East 5th Street, Ste. 1100
Tulsa, OK 74103

To register please call 1.888.215.4542 or email events@ziffdavis.com and reference event # 7206.

Register here.

Wednesday, October 10, 2007

Network Security Podcast Available

Network Security Podcast is available.

Topics this week:
Show Notes:

* Microsoft AutoRuns
* PGP Flaw not really a flaw at all
  o Securosis: Slashdot bias and much ado about nothing PGP encryption issue
  o Slashdot: Undocumented bypass in PGP whole disk encryption
  o Securology: PGP whole disk encryption - barely acknowledged intentional bypass
* Retailers vs. PCI
  o Securosis: Retailers btch slap PCI Security Standards Council
  o Techtarget: National Retail Federation takes aim at PCI DSS Council
  o SC Magazine: Retail Lobby offers alternative to PCI standards
  o Network Security Blog: Merchants mad about credit card retention
* iPhone Jailbreak (missed the link on this one)
  o Suit against Apple for bricking iPhones
* Six tick to Midnight: One plausible journey from here to a total surveillance society
  o Tech Liberation Front
  o Onstar to stop supports
* RSA Speaking on Security interviews Shon Harris and I get a mention too.
* CIO.com: Hacker Economics 1: Malware as a service
* Tonight's Music: The Moon is Full by Albert Collins, Johnny Copeland and Robert Cray

Network Security Podcast Available:

Network Security Podcast is available. Sorry for the late post on this. It has been a busy week for me.

Show Notes:

* Microsoft's Stealth Update
  o Brian Krebs' Security Fix
  o Rich: Lessons on Software Updates: Microsoft and Apple Both Muck it Up

* Interview with a convicted hacker: Robert Moore tells how he broke into routers and stole VoIP service.

* FUD and SCADA or Oh FUD
  o DevCentral: Sometimes, even the experts are wrong. (M: I think he means me.)
  o Rich: Yes, Hackers can take down the power grid. Maybe.
  o Schneier: Staged attack causes generator to self-destruct

* Gap loses 800,000 records

* PCI is a TLA
  o PCI Security Standards Council
  o PCI DSS Compliance Demystified
  o PCI Standards Group on Yahoo
  o TrustWave
* Tonight's Music: On a podcast by Cruisebox

Tuesday, October 9, 2007

SC Magazine Podcast Available: What Are Your Plans for Cyber Security Awareness Month?

Washkuch interviews Tim Bennett, president of Cyber Security Industry Alliance about the Cyber Security Awareness Month coming up.

Is organized crime really taking over hacking?

Download the podcast.

Friday, October 5, 2007

Tulsa Tech Fest

Although I have already committed to another appointment on those days, Tulsa Tech Fest would have been on my to-do list. I hope someone is able to check it out and report back.

During the conference, you can enjoy:

• 16 simultaneous tracks with lectures by local, regional, and national experts
• Free lunch on Friday and Saturday and snacks throughout both days
• Tulsa Techfest Raffles including a laptop and desktop computer, free tech training for CISSP and MCSE certifications, and much more
• You can also earn CPE credits for (ISC)2’s CISSP, CLEET Law Enforcement (pending), CISA (pending)

Speaker Spotlight: Peiter Zatko, better known as Mudge, the hacker who testified to the Senate that he could "take the Internet down in 30 minutes", has been a pioneer of the commercial information security and warfare sector since the 1980s. The leader of the hacker think-tank "L0pht", he founded @stake and Intrusic and currently works as a Division Scientist for BBN Technologies (the company that designed and built the Internet).

Wednesday, October 3, 2007

Book: Making Things Talk

Recently added to my book wishlist, Making Things Talk: Practical Methods for Connecting Physical Objects has many security implications. If do-it-yourself projects could communicate then they may also be remotely alterable or modified to perform other tasks both positive and negative. Either way, it is an intriguing concept for those who fancy themselves tinkerers or inventors.

The publisher's site and a recent review by Daniel Terdiman on his geek culture blog.

Monday, October 1, 2007

SC Magazine Podcast Available: IT-ISAC officials speak out on cybercrime trends

The latest episode of the SC Magazine Podcast is available here for download.

This week Frank Washkuch interviews executives with IT-ISAC, Information Technology - Information Sharing and Analysis Center, a membership-oriented, community-based organization with a mission to share information about electronic threats. IT-ISAC executive director, Scott Algeier, and IT-ISAC treasurer, Rob Clyde, answer Frank's questions.

Sample of questions asked: How does IT-ISAC work with the US Government? What are the most pressing security trends?

Production quality is still low. Frank really needs a new mic or to lower the gain on his current mic.

Label Your Servers Properly

A recent networking outage was caused by improperly labeling a server. Hardware managers or operations center personnel often do not know or think to see if a server is down before unplugging it. Even a planned outage of a backup server can cause a severe outage if the primary/backups are mislabeled. Take the time to properly label and regularly inspect printed labels on the front of servers or operations center equipment as a measure to reduce downtime.

Many inexpensive products will do the trick; this is one I own.