Who wants all your information? Sears does!
Binary
elite_fuzz
I hope no one that reads this belongs to Sears' (or K-mart's) SHC community. I really hope you don't. If you do, you're in for a potentially big shock. Normally at this point I would laugh at people for not reading the fine print. Unfortunately it's looking like that wouldn't have helped in this case. To be honest I haven't yet had the time to check these allegations for myself, so take what I say with a grain of salt. When I have a chance to check these things out I'll update this post.
A very very small grain of salt...

Where does my money go when I give it to my bank?
Recently I have written a few entries highlighting security concerns, especially physical security. I've talked about security policies and why every business should have them; after all, your security is only as strong as your worst employee. So while I was searching for interesting news I came across a story that highlights the need for security policies that you might find incredibly funny (in an “oh my gosh I can't believe he did that” kinda way).
You really won't believe it...

Virtual pain in the rear
We all love virtual machines. Ok, not all of us, but they are the “way of the future.” Virtual servers cut down on hardware costs, cooling costs, maintenance costs, and a slew of other things. Not only that, but they're cool! One machine that can run your web server, app server, storage server, directory, printing, and whatever else you can think of. Who wouldn't find that cool (probably someone not in an IT department...)? However, we have to remember that having everything on one machine gives us a single point of failure.
What the heck does XEN stand for anyway?

New virus, old threat
A new rootkit is making the rounds that you should be aware of. Rootkits by themselves are nothing new or exciting, but this particular one is using an attack vector that was common during the old MS-DOS days!
Rootkits and worms and trojans, oh my!...

What can MAC filtering do for you?
You have heard me talk about how easy it is to break wireless encryption, and yes, it is easy. Every time I write an article that mentions this someone invariably asks me if I can tell them how to break some type of wireless encryption. If they're my friends, and they have a legitimate reason, I'll do it for them and not tell them how. If it's a random stranger my answer is always “I can't do that, but I can point you to a website that has some utilities that might be able to help you out.” Strangely enough, a link to that site is on the side of my webpage... (hint, it rhymes with binsecure and ends with .org...)
For those that aren't good at rhyming, the website is www.insecure.org

Why do we need end users again?
A chain is only as strong as its weakest link, and your security is only as strong as your worst employee. Employees have been, are, and will remain the single biggest threat to network security. Yes, crackers remotely breaking into our network is big and scary and we need to do whatever we can to stop it. However, if you think it's easier to do that than to send an email posing as a member of the IT department and ask for a username and password, you are very mistaken.
Shit like this is why I have an ulcer...

Please, won't someone think of the children?...
SAFE Act 2007, what a clusterfark. Securing Adolescents From Exploitation-online. This bill was rushed through the House of Rep's, and when I say rushed, I mean rushed! It was sent through the House of Rep's using a mechanism that is supposed to be reserved for non-confrontational bills. On top of that it passed almost unanimously. If I remember correctly, it passed 409 to 2. The two people who didn't vote for it were both Republicans, one of whom is Ron Paul (gee, I still can't decide if he's just a classic libertarian or someone who actually does his job).

What is the aim of this bill? Well, its lofty goal is to help stop the acquisition and spread of child pornography. Holy sh*t! I'll vote for that! Wait, what's that? People that own private (home) wireless access points might be held accountable by this law? The law doesn't clearly define what an "obscene" image is? The law gives no indication on how business or private parties should comply with the law? Huh?... Gee this bill sucks!
Am I now my brother's keeper? -or- Why the heck are we still talking about 2007?

The geographic model looks like the spread of a virus...
Wireless security is one of my favorite soapboxes. Whenever I teach an A+ class or a Net+ class I always spend a few minutes talking about the theory behind cracking WEP and WPA, and how easy it is, to drive home the point that wireless connections are just not secure without advanced encryption and authentication (something a RADIUS server would provide). Researchers at Indiana University have recently given me another talking point when lecturing students on wireless security.
The worms are everywhere...

Taking care of old hard drives
A while ago, as I was teaching an A+ class, the topic of how hard drives store information came up. I was successfully sidetracked (as I'm sure my student hoped I would be) into a brief discussion on the mechanics of hard drives. Of course, once we started talking about that I was forced (forced I tell you) to get up on my soap box about data security.

What does data security have to do with the mechanics of hard drives? As most professional IT people will tell you, simply erasing the data off of a hard drive via formatting or deleting files doesn't actually remove the data from the hard drive. “What!? You're saying that deleting the contents of my trash bin doesn't mean the data is lost?”
Data will self destruct in 10, 9...

Making Sense of the Open Standards Institute 7 layer model of networking communication...
Long title, but accurate. I will attempt to make sense of the OSI seven layer model of networking. I'll explain it in non-networking terms, then go back and expand a little on it. I won't get into too much detail, but you should have a working understanding by the time we're done here.

But why should you know? Specific problems in networking can be attributed to specific layers of the OSI model. When someone says to you that there is a level 1 problem with the network card it would be good to know what they're talking about. Also, different protocols work at different layers of the networking model. If you can't retrieve emails from your server you might have a POP3 problem, which is a layer 7 issue.

7 layer model
