tag:blogger.com,1999:blog-85984582012-02-15T23:47:29.840-08:00SDnoreply@blogger.comBlogger2111100tag:blogger.com,1999:blog-8598458.post-31555576194539142452007-04-24T17:40:00.000-07:002007-04-24T18:25:23.820-07:00

... from a regular guy who is also famous. I have been watching Roger Ebert on his movie critique show for years. After leaving the show due to illness, many fans of the show have been wondering where he is and how he is doing.http://www.suntimes.com/news/metro/355049,cst-nws-ebert24.articleOne day a person in my Information Security class mentioned he was sick to think of the kinds of things

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-29974970181906156012007-04-23T17:49:00.000-07:002007-04-24T18:24:02.100-07:00

Rush Limbaugh and his copycats (Hannity, Savage, Coulter, O'reilly, etc) are amazing. After the media raised issues over Don Imus' comments, (the public largely ignored them due to his having a very small audience) Rush published this gem of intelligence:http://www.alternet.org/blogs/peek/50979/And he gets away with it. But so do his copycats mentioned above even though they offend us every

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-26359197237601183012007-03-18T12:53:00.000-07:002007-03-18T13:05:54.727-07:00

Even though the core of infoSecond is hosted using my own resources, that can become impossible to continue at anytime. The site is spreading out a bit with a blog on blogger and a new wiki. One way or another I will be able to remain in touch, even if randomly.The blog may become more personal while the other mechanisms are better suited for technical stuff. I found a great service that I am

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-66766086444792583712007-03-16T15:02:00.000-07:002007-03-16T15:30:51.657-07:00

I have been unsatisfied with the time/quality trade off of this blog. So I have been looking for a different approach. To be honest, I also wonder whether or not a blog is a wonderful personal expression tool or a professional suicide trap, or what this blog should really be about.Though I would like to express my thoughts here, I also never wish to risk the business of my colleagues. My

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-46330142200722436552007-01-21T06:15:00.000-08:002007-01-21T06:18:02.600-08:00

http://www.oculture.com/weblog/2006/10/free_university_1.html

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-54679985517021605022007-01-16T05:29:00.000-08:002007-01-16T05:30:42.381-08:00

And it runs on windows too.http://www.virtualbox.org/

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-71519657795193226932007-01-14T06:28:00.001-08:002007-01-14T06:28:38.032-08:00

http://www.eliteskills.com/free_education/

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-91974550577569739572007-01-13T09:28:00.000-08:002007-01-13T09:30:00.798-08:00

Apt for Linux..I need to try this out...http://linux01.gwdg.de/apt4rpm/

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1164348186335866142006-11-23T22:01:00.000-08:002006-11-23T22:03:07.000-08:00

Some of these tips are about proper communication through email; and from personal experience this can be as much a security risk to personal career availability as any xss or spam attack.http://www.itsecurity.com/features/99-email-security-tips-112006/

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1163572350430512582006-11-14T22:28:00.000-08:002006-11-14T22:32:32.470-08:00

Its been awhile since my last blog posting. I have moved, had comcast "issues" for a week, taught two classes a day for two weeks in a row, and began a couple other nice projects that cannot as yet be discussed.Once things settle in, I will resume some postings. If you are reading this, lease know that I appreciate your visits to this site and thank you for returning. Please check in periodicly

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1160681282326392442006-10-12T12:27:00.000-07:002006-10-12T12:50:03.593-07:00

Google now has a service that allows anyone to search open source repositories for vulnerable signatures. This is great.I am an advocate of open source for these very reasons. The point of open source code is two fold: The removal of bureaucratic barriers, and the peer review of functionality for usefulness and security. It is a myth that open source threatens business models, since they are

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1160573639929615022006-10-11T06:28:00.000-07:002006-10-11T06:35:42.730-07:00

Called a "USB Hacksaw" this article describes how to create a USB drive that will infect a machine with code that will archive and email the attacker with the files on every other USB drive inserted afterwards. If that sentence was hard to follow, just check out the article; and go find an encryption utility for your own USB drive immediately.USB Hacksaw

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1160433458754571342006-10-10T15:37:00.000-07:002006-10-11T06:25:56.900-07:00

In the earlier post I mentioned a virtual machine that would make it easy to setup an instrusion detection system.This one is even better. You will probably want to register for an "oink code" at "http://snort.org" but you don't have to. The default settings will show you plenty enough.The file comes as a VM. If you set it up as a single bridged network adapter, you can run it in the free

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1160431743852158402006-10-09T15:08:00.000-07:002006-10-09T15:11:33.496-07:00

I have mentioned this SSLMiTM attack in several classes,here is the link to the story:"The New Face Of Phishing" From the Washington Post

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1160431128603900912006-10-07T14:51:00.000-07:002006-10-09T15:02:40.260-07:00

There have seen several articals on this topic. Every one of them funny. They remind me of my bachelor days when I had a freezer that needed defrosting and I procrastinated on doing so; I could only squeeze in one TV dinner due to all of the frost. This version of Internet Explorer reminded me of that freezer; only a few pixels left for brainfood.IE7 in toolbar mayhem

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1160154704808234272006-10-06T10:06:00.000-07:002006-10-06T10:11:48.493-07:00

The link below points to an article on the metasploit site that walks through some of the main components of the web attack toolkit sold for around $15 by a Russian website. Do a quick google search for "Web Attack Toolkit" and you will find hundreds of articles discussing statistics about how prevalent the problem is, but perhaps for reasons of being responsible, these articles rarely give

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1159988200476042752006-10-05T11:53:00.000-07:002006-10-06T10:15:14.953-07:00

Not much to comment about on this link, but if you are a fan of Google earth or are wondering what it is; check it out.http://www.googleearthhacks.com/ten-things-with-Google-Earth/summary.php

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1160148456637817342006-10-04T08:27:00.000-07:002006-10-06T10:06:35.140-07:00

This is a cautionary tale about a customer being offered a 'free service' by an employee of his own hosting company that turned out to be a hack. Bored employees can be dangerous; in order to impress their friends or themselves they resort to playing jokes on competitors or customers. Of course the employer ends up feeling the damage along with the customer. The employee who engages in this

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1159988360104057952006-10-03T11:57:00.000-07:002006-10-04T11:59:20.186-07:00

Found these links and recording them here for quick reference:Wiki list of forensic toolsDFWS Presentations 

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1159190707017168282006-09-25T06:21:00.000-07:002006-09-25T06:26:15.053-07:00

I get asked all the time about what security researches do. This is a blog page from f-secure from December of last year that talks about, among other things, the IE WMF exploit that has been widely taken advantage of over the past several months. The page does a good job of describing a variety of combinations of things a researcher must look for and notice about an exploit. These examples are

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1159190334917547052006-09-24T06:02:00.000-07:002006-09-25T06:27:17.130-07:00

Websites that take advantage of a flaw in the dll that draws VML (Vector Markup Language) mostly seem to include pr0n and serialz (pirate software) sites. However, a Russian company is selling a Web Attack kit for about $15, (that includes technical support!) for installing this and other IE exploits. It won't be long before other sites follow suit; the free clip-art, screensavers, downloads,

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1159019017988130512006-09-23T06:35:00.000-07:002006-09-23T06:43:45.273-07:00

Snort is a Network Intrusion Detection System (NIDS) sign and that is passive, meaning it does not engage the target, and it is uses a rules based signature analysis technique. The rules are easy to learn to write, but a community of users has already created a large default collection that is actively developed and regularly updated.In my classes I highly encourage students to use: Snort,

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1158929715499706872006-09-22T05:48:00.000-07:002006-09-22T05:55:16.590-07:00

A two hour seminar is not going to cut it....but its a start.Information security is a wide broad and large subject. Some may claim its just snake oil and that claim is occassionally true. The bottom line is risk management and attaching the need to secure your assets to their value. Security breaches are as much a fact of life in business as any other risk catagory; some problems aren't worth

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1158886903451097062006-09-21T18:01:00.000-07:002006-09-22T05:57:10.546-07:00

In our classes we debate the legal challenges that surround securing wireless networks. I don't think we can legally hold non-computer experts accountable to misconfigured networks, I would prefer to ley this problem get solved in the marketplace by letting more secure WiFi products compete to solve these issues. We don't talk much about the other side; What rights do you have to a computer

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1158885617737681702006-09-20T17:36:00.000-07:002006-09-22T05:55:45.756-07:00

The link below leads to an excellent article about the pipeline worm, It offers a step by step description of how an infection can occur through using an instant messanger program, as well as some of the research techniques used to discover the source and workings of this malware. Screenshots are provided for a visual too. Great stuff!Pipeline Worm Floods AIM with Botnet Drones

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1158930822081321802006-09-19T06:00:00.000-07:002006-09-22T06:13:42.203-07:00

There are possibly thousands of these sites. Just like this very blog as a matter of fact, that deal with security issues and provide access to whitepapers and other packages for knowledge. infoSecond is run by a whitehat instructor and does does not often disclose 0-day or "underground" class information. I find stuff at the many websites I read and post what I think may be of interest to

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1159020439525571572006-09-18T07:04:00.000-07:002006-09-23T07:08:05.236-07:00

This link points to a page where you can download pre-built virtual machines to test products, operating systems, and other technologies. There is so much cool stuff here that if you are not yet convinced to learn about virutalization, maybe this will convince you to take the plunge.VMWare virtual appliances

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1159021442034119102006-09-17T07:21:00.000-07:002006-09-23T07:24:02.173-07:00

Provided by PaulDotCom, one of my favorites, this is a good list ot get started on listening to security podcasts.Security podcast roundup

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1158247422480715342006-09-14T08:10:00.000-07:002006-09-14T15:22:27.813-07:00

In my view, the thieves of the music industry are the .... well ... the music industry. How can an industry steal from itself? Artists who create the music, write and perform it often have to sign away their souls, stay in debt for years, and even get to a point where everything they do will be placed on a shelf and made illegal to distribute. All to keep up and coming bands from competing with

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1158246349456892282006-09-13T07:56:00.000-07:002006-09-14T08:24:32.760-07:00

Install this software on a cell phone and it will record text messages, conversations, and it can even turn on the microphone and record background noise.This is horrible, yet it is sold as a commercial product even there is almost no legal way this software could be used. The founder of this company argues that it helps people in dire stress find cheating spouses and so on. This kind of thing

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1158109227108396132006-09-12T17:58:00.000-07:002006-09-12T18:53:06.216-07:00

How long before we end up with a YouTube version of something like this? Its insane but for some reason I love it.Hacking VideosMore Hacking Videos

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1157302408934609712006-09-03T09:53:00.000-07:002006-09-03T09:53:29.803-07:00

This subject has come up in classes many times. Although we do not attempt to solve political issues in a technical training class, I believe ANY training class is subject to what I call "general awareness issues". These are current events in the news that may affect our lives, careers, and other choices, that are relevant to the topic at hand.The doublespeak is starting. A website called "

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1157237341271574852006-09-02T15:45:00.000-07:002006-09-02T15:49:01.766-07:00

The phishing emails are amazing in how arrogant, and how affective they can be. Read about it at the link below...and btw. there is no free iPod in the deal.Windows patch, Ipod exploited

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156939619086789762006-08-30T05:05:00.000-07:002006-08-30T05:07:00.580-07:00

Nice trick on this page. They don't call it "internet exploder" for nothing.Crash IE

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156904250277908522006-08-29T19:14:00.000-07:002006-08-29T19:17:31.356-07:00

This is a 50 minute video that I do not have the time to watch. Instead I an typing emails to people that take 50 minutes read. Hehehe. I will watch this video at somepoint but in the meantime, I am posting it here becuase some of the links google provides as being 'relevane' are just as intersting..The history of hacking

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156940447492247692006-08-28T05:17:00.000-07:002006-08-30T05:20:47.580-07:00

According to this article (posted in October of 2005) one might be suprised. Wonder how many of those they found have been fixed by now...DNS Servers still wide open

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156906418097225012006-08-27T19:18:00.000-07:002006-08-30T05:28:46.590-07:00

CSS means "Cascading Style Sheets" and XSS means "Cross site Scripting"Anyway, I am a huge advocate of using firefox, but I also admit I do not believe it is 100% secure either. The best choice I know of for that is anonym.os and the free vmserver. But the problem with that solution is that it is too techy. Having to go through that level of effort signals a sad state in security for the

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156641354628049062006-08-24T18:02:00.000-07:002006-08-26T18:17:14.203-07:00

Short article discussing another example of a browser based infection technique. Some of the important general and common themes include: a. Browser security features don't work that wellb. the exploit was poorly written so it won't work eitherc. but it proves it can be done for someone else to tryAn interesting little idea thrown in also; Quoted from the article:"More recently, a Trojan attacked

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156640319025521512006-08-23T17:58:00.000-07:002006-08-26T18:00:12.196-07:00

The driving force these days behind many attacks is the good old fashion need to make a buck. One of the problems faced in legal terms outside of obvious jurisdiction issues is the simple fact that some activities are just not considered illegal by everyone. That sounds funny. Since when did just anyone get to decide what is legal and what isn't? In this context, ethics also play a role that

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156637204047609132006-08-22T16:47:00.000-07:002006-08-26T17:10:39.546-07:00

I mention this site often in class; its a study on the use of steganography in images posted to usenet. As of this posting, they say they have not found a single message. What this means is:1. Its there and they just haven't found it2. Its not there but somewhere else3. Stego isn't used on usenetIn other words, steganography does exist and is used, we just don't know where or how. If I were up

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156246466687665582006-08-21T04:34:00.000-07:002006-08-26T17:09:45.826-07:00

At defcon, the fun part of the black hat security conference in Las Vegas, they display a "wall of shame"; passwords of real people at the conference who have the nerve to check thier email and log in to protected accounts. As the passwords fly past the network they also fly past the monitors for all to see. This article discusses many of the various ways these passwords are captured.Look at all

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156633692440105082006-08-20T15:52:00.000-07:002006-08-26T16:08:13.386-07:00

Almost every security presentation includes a slide or two that mentions the "70% of all attacks are internal" and the "$x Billions of dollars a year are lost to ..." commonly accepted stats. Those statements are loose and missing a lot of important detail. But the point is made, the fear sets in, and we move on.The article below is a managment level (customer language) discussion about the

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156163888228063362006-08-19T05:32:00.000-07:002006-08-21T17:34:17.713-07:00

...with advice on how to answer them.Along with all of the other advice on resume writing and cover letters and so on and so forth, doesn't this whole thing seem ridiculous? Actually no. I interview people for instructor positions that make some outrageous errors, demonstrating that common sense isn't too common. While I appreciate the fact that I am seeing the genuine article, I have to admit

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156635564900918652006-08-18T16:10:00.000-07:002006-08-26T16:39:25.240-07:00

Interesting article detailing the 'food chain' of piracy activity. Note the references to various tools and terminology.Guide to Internet Piracy

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156635818620949042006-08-17T16:40:00.000-07:002006-08-26T16:43:38.663-07:00

This is a great story. No spoilage here, just check it out....Geeks take down c-level executives

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1156162345253452702006-08-07T04:59:00.000-07:002006-08-21T05:41:26.693-07:00

Blogger quit working one day, then I quit trying. Then I tried other things with infoSecond, and I wasn't satisfied with the blog anyway so it was fine.Now blogger seems to be working again and I have given up worrying about wether or not the blog is particularly good. Instead of writting up lengthy articles rant and wisdom and other originally derivitive thinking, I will be satisfied with the

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1147325402800435752006-05-10T22:30:00.000-07:002006-05-10T22:30:02.866-07:00

For a recent conversation had during a CISSP class ....Slashdot | Torvalds on the Microkernel Debate

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1145716106138378882006-04-22T07:28:00.000-07:002006-04-22T07:28:26.226-07:00

It seems the theme for this year is WiMax and SIP phone technologies, but portable entertainment is still as popular as ever.The question we ask is usually, "When do we see it?" But we already know many of these products will never make it to our local retailer. Why not just enjoy the possibilities, and the reminder that we are only just getting started on the technology front.Oh BTW, remember

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1145413255959498282006-04-18T19:20:00.000-07:002006-04-18T19:20:56.030-07:00

Here is a good joke to tell everyone at work tomorrow: Q. What do you get when you take the source code of a file, and discover that converting the binary into a number resulted in a prime number?A. A group of lawyers arguing that number is illegal, since the binary was a source code of a circumvention of the DMCA.Hilarious.Illegal prime - Wikipedia, the free encyclopedia

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1144711098685387812006-04-10T16:18:00.000-07:002006-04-10T16:18:18.760-07:00

The tool you are mostly looking for is "VMX Builder" the other tools are great but extraneous.This blog is a follow up to the number of times I have told students this could be done, but could not at that moment produce the resource. After you make your virtual machine, you will want to download the free vmware player to use it.VMware Utilities Homepage

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1143823691928446192006-03-31T08:48:00.000-08:002006-03-31T08:48:18.016-08:00

A Russian website is offering a do-it-yourself web based attack kit for about $15. Plug in the code, spam a few hundred "marks", and you have your very own botnet to play with.If you google the phrase above as I suggest, you will find pages of sites reporting the event. Is this responsible reporting or Millions worth of free advertising for the scumware?The site for the kit is in Russian, and

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1142122815149648562006-03-11T16:20:00.000-08:002006-08-22T04:35:40.276-07:00

Watch this video from IronGeeks.comDownload MySlax CreatorDownload SLAX and Choose modules

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1141838792578024762006-03-08T09:26:00.000-08:002006-03-08T09:26:32.613-08:00

In many classes I use VMWare and advocate its use in a lab environment. Below is link to a page that offers many comunity created, free of cost, virtual machins for you to try.I was putting together a free VMWare kit when I ran across this. Ther is too much, it is a growing community and offering. Download the free vmware player and the new beta of the vmware server first; and then have at

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1141848930934615212006-03-06T12:15:00.000-08:002006-03-08T12:16:12.530-08:00

At infoSecond.com I try to provide an easy way to access information with a mix of my own opinions. These opinions involve a mixture of human thought, spirituality, and technology. On the tech side, information security is the primary subject.In truth, you could just visit a variety of sites on your own and get the same thing...hey, do what works.At the website listed below, I think they have

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1141832024274267302006-03-05T07:33:00.000-08:002006-03-08T12:17:05.810-08:00

It true. The article says it all.At the bottom of the article referenced below, there are links to .pdf files that are also worth reading.Dancho Danchev - Mind Streams of Information Security Knowledge!: 0bay - how realistic is the market for security vulnerabilities?

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1141394038499795062006-03-03T05:53:00.000-08:002006-03-03T06:06:03.326-08:00

Playing music, I learned a long time ago that I could not write a song by myself. I just don't have the ear necessary. But I can write original music in a collaborative situation, working with the ideas of others.One of my favorite tenants to live by I first read in a Stephen Covey book; "When two people are in perfect synch, one of them is not necessary."When disagreements are embedded in an

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1141394651666421232006-03-01T05:57:00.000-08:002006-03-03T06:59:21.553-08:00

Sometimes I wonder if perusing the random commentary on the web is a waste of time. Then I try to watch "professionals" give opinions on TV and I realize that truly is a frustrating waste. If watching TV at all, we are better off knowing its fiction and enjoying the escape. I like "The Shield" for this. The show "24" is almost too over the top silly but its still good fun. "The Office" is

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1141394116136330262006-02-26T05:42:00.000-08:002006-03-03T05:56:34.636-08:00

Very clever stuff here. Try them on Linux tooFunny UNIX shell commands

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1140283088750168742006-02-20T09:18:00.000-08:002006-03-03T05:56:52.876-08:00

Probably the most in-depth article I have found on the subject, an interview with a botnet master and others involved in the process. Try not to get too angry while reading. This is a must view.Invasion of the Computer Snatchers

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1140282429365688862006-02-18T09:07:00.000-08:002006-02-18T09:07:09.436-08:00

This article has frightening examples of what can be found on Google, with links to sites with even more information.Silicon Valley Sleuth: Things you don't want Google to find

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1139869056694238642006-02-13T14:17:00.000-08:002006-02-13T14:18:41.803-08:00

I usually excuse my procrastination by saying "I have a large list of things to do, and many of them will never get done, but I do my best."In the meanwhile, being more privately honest, I know that system does not work. We all have and there will always be more things to do than fits the day. There are systems, disciplines and priorities that help us make the best choices. Here is a list of

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1139867831607817852006-02-13T13:57:00.000-08:002006-02-13T13:57:11.743-08:00

Bruce Schnier always brngs up an interesting angle. I have long feared PKI as the most probable form of the "barcode on the forehead" type of thing described in the lore of the book of revelations. But in this article something obvious is discussed. Companies will never agree on a common authentication system becuase their own egos .... er er er cough branding requirements prevents it.Maybe in

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1139268239275138292006-02-06T15:23:00.000-08:002006-02-06T15:23:59.333-08:00

I have been playing with OpenSUSE 10.1 beta2 for a few days now. Its very very cool. Since it is open source though, it leaves a few applications out. Follow the steps in the linked article to add the rest of what you need for a full multimedia machine.Hacking OpenSUSE

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1138759056797757572006-01-31T17:57:00.000-08:002006-01-31T17:57:36.856-08:00

I am blogging this as soon as I found it, so I do not have an opinion yet. Give it a try...if you dare....Internet Explorer 7: Beta 2 Preview checklists

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1138472704164778402006-01-28T10:25:00.000-08:002006-01-28T10:33:14.843-08:00

When I am asked why I use Firefox, the assumption is that I will go off on a diatribe about security issues ad so forth. As it tuns out, I use firefox because I just think its better. I like the page rendering, options and general usability. Those aspects are arguable, and of course there are the security items...Unfortunately, some websites insist on being IE only. I do not believe for a second

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137880952248330282006-01-21T14:02:00.000-08:002006-01-21T14:37:56.873-08:00

While searching for a book on amazon I consulted the list of a person who was recommending websites in addition to paper publications. When I clicked on a link I was not taken to the site as expected, but to an amazon page with a description, thumbnail and misc data like popularity and uptime.Examining the URL and playing around for awhile showed the below link. It has been there awhile, so it

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137878604646584522006-01-20T13:23:00.000-08:002006-01-21T13:23:55.433-08:00

Here is a good reference page that shows some of the things that can be done at a google prompt. Including many of the lesser known services that are available.Yeah I know, I should use the spell:word feature more oftan.CyberWyre » Data Mining using Google

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137724026552109472006-01-19T18:27:00.000-08:002006-01-19T18:27:06.620-08:00

Nice commercial for Linux, and a few good quotes to go along with it.comercial de ibm linux - Google Video

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137857407560262402006-01-18T07:30:00.000-08:002006-01-21T14:06:43.510-08:00

With ever increasing speeds I wonder; "Why?" In fact even just 10Mbps is sufficiant for 90% of internet users, email and webpages download plenty fast at that speed. The reason is home media...video and music....and of course the ensuing advertisements chewing up the bandwidth we just paid to upgrade to.Let me try a different angle. An end user pulls down basic traffic for the most part until

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137351023111569942006-01-15T10:50:00.000-08:002006-01-15T14:25:23.720-08:00

Frequently students in my classes are interrupted by cellphones, email, blackberries and the like. Because of the nature of my educational institution I have to allow the interruptions, up to a point.I wonder to what extent does the student have the power to ignore these messages. I also know that in some cases the employers will just not leave the student alone. I went through this many times

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137260540490676832006-01-14T09:42:00.000-08:002006-01-14T09:42:23.213-08:00

The wikipedia has been taking some grief lately in the news for reporting innacuarate information. Whenever I run across a story like that, I cannnot help but wonder if the story in question was really wrong or just something that the target didn't want people to know about. Of course that also begs the discussion about the extent to which we have the right for people not to tell stories about

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137254111878662362006-01-13T07:55:00.000-08:002006-01-14T10:39:47.606-08:00

I am not qualified to provide legal advice, so this article is presented without cross checking or verification. It is however, compelling reading and where IP (Intellectual Property) is concerned, err-ing on the side of caution is wise. 10 Big Myths about copyright explained

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137253531873276312006-01-12T07:45:00.000-08:002006-01-19T18:58:10.146-08:00

VPN - Virutal Private network - protects your network traffic from eavesdropping. It does not protect your local data, but if you connect your laptap to your home PC from a schools, coffee shop or other public place, then you really need to protect the traffic.Hamachi is a home VPN solution that is easy to configure and free of cost.Hamachi : Stay Connected

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137263889131892852006-01-11T10:38:00.000-08:002006-01-19T19:01:31.856-08:00

The goal for this webiste is to bring together the thoughts and discoveries of some of the best minds in the world.There are many brilliant professionals out there. Unfortunatley, many of them are not interested in sharing their knowledge. But the scientists that contribute to this site have made the choice to bring extraordinary complex ideas into the fold of everyday life. Please support

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1137725655536342932006-01-08T18:54:00.000-08:002006-01-19T18:56:50.413-08:00

This Christmas I bought my wife an iPod. i got it from the Apple store and included a mushy engraving which will remain between the two of us. Now I must confess that I was an avid anti-iPod consumer, but after I saw how much fun she was having....well for research purposes only I needed to have one of my own.One of my biggest concerns was that Apple is somewhat friendly with the concept of DRM

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1135958322082788342005-12-30T07:58:00.000-08:002005-12-30T07:58:42.130-08:00

This site provides instructions on disabling the utterly stupid waste of time that is WGA (Windows Genuine Advantage). This is the thing that MS requires you to do whenever you download certain items from their website.Disable Windows Genuine Advantage Validation

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1135967554486834832005-12-29T10:32:00.000-08:002005-12-30T10:33:18.523-08:00

This blog is supposed to be about information security...with a smattering of philosophy and other random thoughts. yet I find that much of the time I feel compelled to follow the RIAA battles. Maybe it is because I think "information assurance" should side with the consumer and not the big business.Both the RIAA and the MPAA have valid concerns. I am not among those who see them as inherently

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1133489637077934222005-12-01T18:13:00.000-08:002005-12-01T18:29:00.356-08:00

The "About page" for Google (linked below) announces anit-virus services are now installed in their gmail service. On nearly the same day, Microsoft Live also announces (also linked below) the release of an anti-virus application.The competition is heating up and it is fascinating sport to watch.About GmailMicrosoft Ideas Live

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1133487683575915402005-11-30T17:41:00.000-08:002005-12-01T18:16:06.073-08:00

There are many way cool projects out there that you can participate in simply by donating cpu cycles when your computer is not busy. You can look for aliens, fold proteins, or study climate change (or disprove climate change if you are a repugnican).Simply download the client(s) of your choice, install and you are on your way to a nobel peace prize...or maybe you will only discover aliens but

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1133316498410628962005-11-29T18:08:00.000-08:002005-11-29T18:08:18.460-08:00

In the Linux world there are many debates. I call them "Pete Rose arguments". Baseball fans will spend hours arguing over wether or not Pete whould be in the hall of fame, but after expending enormous energy, they accomplish nothing and they change nothing. Bring the subject up to a baseball fan however, and prepare yourself for a looooong and passionate discussion about the game, philosophy and

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1133154800750609012005-11-28T21:13:00.000-08:002005-11-27T21:14:12.656-08:00

Still not convinced the patent system in our country needs an overhaul? Check out these examples:Archive - Totally Absurd Inventions & Patents, America's Goofiest Patents

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1133154665599169642005-11-27T21:11:00.000-08:002005-11-27T21:11:05.600-08:00

Here is a good tutorial on the subject that includes links to the software you will need. Why you ask? Archiving, maximizing storage space, making bittorrent file....er ere er I mean compressing home movies... DVD to CD / 4GB > 1.4GB > 700MB

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1133154457568916172005-11-26T21:07:00.000-08:002005-11-27T21:13:38.086-08:00

It sounds boring at first but if you are even the least bit curious about all those setting in the cmos configuration tool of your system, this guide will provide some answers.For those in the forensics profession, this guide may provide invaluable explainations.The Definitive BIOS Optimization Guide

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132676073721102942005-11-24T08:14:00.000-08:002005-11-22T18:15:08.936-08:00

Every year someones askes "Why do the Detroit Lions always play on Thanksgiving" but I could never answer the question. Each time I pledge to look it up but then under the weight of all that food I forget.This year i ran across this story accidently, and now i can finally answer the question. Too bad the article doesn't explain why the Cowboys always play too. Sigh. one can't know everything..

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132680940096639512005-11-22T09:35:00.000-08:002005-11-22T09:35:40.096-08:00

Are you sure you get the best results from the engine you return to each time you need some data quick? This site allows you to perform a blind test, by asking you to perform a search and then the results are displayed without formating or noticable marks. You then indicate which result set you like best, and you can find out if it is your typical favorite. The Search Engine Experiment | SEO

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132680531318001912005-11-21T09:28:00.000-08:002005-11-22T09:29:25.243-08:00

There are many long standing souces or music and streaming content. But the value add of this website is that you provide an example or two of bands you like, and they will construct a radio station that matches your tastes. The service is free, and it works well. You will need to register for a login after a few songs, but you can sample how it works before doing so.Discover Music - Pandora

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132680169943657092005-11-19T09:22:00.000-08:002005-11-22T09:29:08.156-08:00

Pay attention to the way brick and morter stores do business at the point of sale terminal (cash register). Many of them are simply contacting a secured website. How long before retail locations are nothing but touch and feel front ends to an amazon page?I do not use a local email client for security reasons. I prefer a webbased service that works like a local client; http://fusemail.com, it

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132679597432870792005-11-18T09:13:00.000-08:002005-11-22T09:22:59.086-08:00

If you have opinions about music downloading or follow the situation, you know its easy to hear the "pro" side of the story. Is is important to also hear comments made directly from those who believe DRM is necessary and is in fact providing a service in the grand scheme of things. I think you will find that most of the time the arguments are reasonable, from their perspective, and do have

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132676800325566042005-11-17T08:26:00.000-08:002005-11-22T09:13:32.286-08:00

There are Wifi finders that can be purchased to a few bucks but they only give you a blinking light when they find a network. This one includes an LCD readout that provides information about SSID, WEP key requirements and signal strength. One you have found a hotspot, plug this finder into the USB port of your laptop and it funstions as the Wifi card.I do not know if it supports monitor mode or

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132281856361416372005-11-16T18:44:00.000-08:002005-11-17T22:04:10.256-08:00

To lighten the load a bit from the Sony DRM thing, the link below points to a slashdot reference of an article about how IT personnel dress. Read the discussion (and od course the article) if you need a few minutes diversion.My own take: I have to wear a tie, the owner of the company requires it. I don't mind but don't tell me that it isn't a big deal. Recently the NBA had to adopt a dress

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132278278975684882005-11-15T17:44:00.000-08:002005-11-17T22:03:55.513-08:00

There have been many stories about this topic and this one is the best I have run across. It is written by one of the best authors in the realm of Information Security out there; Bruce Schnier. It is a must read if you are interested in the topics of DRM, Malware, Security, etc.But I am wondering something. The argument about Linux being more secure is often refuted by those who remind us about

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1132295087134664882005-11-14T22:24:00.000-08:002005-11-19T08:15:41.306-08:00

This book came up in a conversation today, and it reminded me that this item has been on my "to read" list for quite some time. Many questions arise about what is the "hacker culture". Why on earth would anyone volunteer to spend hours upon hours doing something even if there was little or no money to be made?Because..."The world is full of interesting problems waiting to be solved" and for some,

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1131645790341530242005-11-09T10:03:00.000-08:002005-11-10T10:14:33.406-08:00

In the 06:35 PM ET, 11/ 8/2005 posting in the Brian Krebs blog on the Washington times website, Brian tells us that California is suing Sony over its DRM technology.Another interesting angle to this story is that now a large company with vast resources is actually investing RnD into creating Windows Exploits, and once they are dissected, malware authors are using the findings in their trojans.So

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1131638650664853212005-11-08T08:04:00.000-08:002005-11-10T09:53:31.930-08:00

DRM Stands for "Digital Rights Management" and it is a framework for protecting copyrighted material. A rootkit is software that installs itself in an extremely intrusive manner, to the point that it can send identifyable information about you, may expose your machine to access through backdoors, and is impossible or extremely difficult to remove from your system.I used to be a fan of Sony

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1131547937215339812005-11-07T06:52:00.000-08:002005-11-10T09:53:07.350-08:00

HijackThis is an freeware advanced malware scanner. It is meant to be used in conjunction with other anti-spyware applications. Its purpose is to help you track down the changes made by a malware infection, including registry values and running processes.If you want to see what its like to perform the investigation process, this is a great tool. Below I have provided a link to a tutorial on its

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1131032175880854552005-11-03T07:36:00.000-08:002005-11-03T07:37:38.573-08:00

Since my big day is coming soon, I thought I would try another random blog search activity as I did a few days ago. Its an occasional unscientific study that takes under 5 minutes but I think it often reveals a rather honest and candid sampling of what people are up to.I typed in the word marriage, and I am disturbed to report not one of the first 50 or so hits included anything fun, positive,

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1130892525566214052005-11-02T16:48:00.000-08:002005-11-02T20:55:20.446-08:00

This has come up more than once as people giggle when I say "eeth-ear-eel" or something close. It never occured to me to pronounce it as "ether-real". So I googled it and as it turns out there is an entry in the FAQ that dispells the mystery. There is also a dictionary definition of the word that includes an audio example.So :-P~~~~~~~~~

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1130872026928673112005-11-01T10:49:00.000-08:002005-11-03T07:38:39.603-08:00

When people tell me they are a fan of reality TV I get a little uptight. Those shows are just highly edited pieces that are far from reality. They only show the worst of humanity; backstabbiing, rumor spreading gossip hounds that think betrayal and treating people like crap is ok as long as it is just part of a game.The usual response is that I am accused of "thinking too much".So I try the "They

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1130773764358921492005-10-31T07:49:00.000-08:002005-10-31T07:49:24.433-08:00

Looking around for opinions or reviews of the MSBSA (Microsoft Baseline Security Analyser) I ran across a couple websites to pass along. infectionvectors.com malwarehelp.org

SDnoreply@blogger.comtag:blogger.com,1999:blog-8598458.post-1130692067310528702005-10-30T09:07:00.000-08:002005-10-30T09:07:47.330-08:00

There is a difference between the study of human thought and behavior, and the actual experience of living. Even the most objective scientist has to live and socialize, otherwise he might be considered a sociopath. This is an extreme example of course, but the point is that we can find the experience of life, thought, and human behaviour to be a fascinating work of study without conflicting with

SDnoreply@blogger.com