You can't secure what you don't acknowledge.SM

Friday, April 25, 2008

Thought of the day on compliance

"Compliance as we know it is something that should’ve been in place in businesses all along - without the government having to intervene in the free market." --Yours Truly.

My security content from this week

Here are my information security articles published this week:

Vista SP1 vs. XP SP3 -- upgrade or business as usual?

SQL Server 2008 security and compliance features reduce security risks

As always, for my past information security content be sure to check out


Wednesday, April 23, 2008

Locked out of your Windows system?

So, you're locked out of one of your Windows systems?...maybe you forgot the password or someone changed it on you and then bailed? Well never fret, there is hope.

Elcomsoft has recently released a new version of their Elcomsoft System Recovery tool. Now, if you ever get locked out of Windows NT4, Windows 2000, Windows XP, Windows XP, Windows Server 2003, Windows Server 2008 and Windows Vista (including SP1), you've got a very reasonably-priced tool to help you. Just burn it to CD and boot the machine from it. A couple of steps later and you're back in business.

There's also the free Ophcrack tool if you'd rather try cracking the Windows password hashes. The only caveat is that you'll really need the pre-calculated rainbow tables for it to be of value.

Either way, these are great tools for getting yourself out of a bind AND great tools for demonstrating just how vulnerable and stupid it is to not have laptop drives encrypted...or any drive in any system that's physically vulnerable for that matter.

Tuesday, April 22, 2008

The way tech support *should* be

I don't have the opportunity to say this ever but I'm so high on good customer service right now that I had to write about it. It's regarding two separate extraordinary tech support experiences I've had recently...

It's with Kensington. They've actually knocked my socks off twice. The first support experience was with a modular power supply adapter I had of theirs...I had bought a new HP laptop and needed a new plug for their power supply so I could use it with my new computer. I contacted their email support and within 2 weeks I had the part that I needed. No questions asked - all for free. AND, get this, they actually kept me in the loop. They set my expectations so I knew what to plan on. WOW! It seems no one follows that customer service mantra any more but Kensington did.

Kensington came around a second time as well. My modular power adapter of theirs apparently had a short in it...the transformer was getting extremely hot and, most of the time, I had to position it just right hanging off the wall to get it to work....As much as a like bending over underneath my desk holding a power adapter in the right position with one hand and doing my day-to-day work with the other hand, I just couldn't take it any more. Well, I emailed Kensington and told them my issue. Within minutes they had responded. They wanted me to fax my purchase receipt...yeah, right - there's no telling where that thing is. I told them that, and they said that's OK, send us your shipping address and we'll get one out right away under warranty....WOW. Imagine that. No questions asked customer service that actually FOLLOWED THROUGH with that they said they were going to do. I got a brand new power adapter. And I didn't have to pick up the phone and waste my time on hold...It was all email interaction. So, a technology company using 21st century technologies to interact with their customers. What a concept!! Kudos Kensington...Keep up the good work!

It's sad that I'm so excited about something that every single business should be focused on. But it's reality and I want to thank the people who run and work in support for Kensington for standing out above the noise. It really does make a difference.