Saturday, March 27, 2010
Using Windows 7's DirectAccess to enhance the mobile user experience
...it's actually pretty cool and worth checking out.
Friday, March 26, 2010
“Too often, much of late, the last couple three years the mal-distribution of income in America is gone up way too much, the wealthy are getting way, way too wealthy, and the middle income class is left behind. Wages have not kept up with increased income of the highest income in America. This legislation will have the effect of addressing that mal-distribution of income in America.”
The rich keep getting richer because they keep doing the things that make them rich. The poor keep getting poorer because they keep doing the things that make them poor. It's basic logic just like the "secret" to losing weight: eat less, exercise more. People just don't get these basics of life. It's why so many people buy into the nonsense the diet companies and politicians "feed" us. This mindset explains why this book and its philosophy make so much sense.
Everything in life is a personal choice. Where we are in life today is the exact sum of all the choices we've made up to this point.
Interestingly, information security is no different - you choose the behavior (i.e. ignoring the problem) you choose the consequence (i.e. security breach).
I do not like it Uncle Sam, I do not like it Sam I am. I do not like these dirty crooks, I do not like how they cook books. I do not like when Congress steals, I do not like their secret deals. I do not like this Speaker Nan, I do not like this 'YES WE CAN'! I do not like this kind of hope, I do not like it, nope! Nope! Nope!
I've since had other scenarios where it has done the same thing and left me wondering why are other scanners finding these holes!?
The following screenshot shows some of the Acunetix Web Vulnerability Scanner password check policy settings.
The scanner checks not only for weak Web passwords but also for weak FTP, POP3, SMTP, and telnet passwords, among others.
I'm still waiting for some good brute-force checks built into these tools (a la Brutus) and - especially - better handling of login forms. If/when this occurs I honestly think we could eliminate a huge chunk of the directly-exploitable Web flaws out there. In fact, I'm really surprised that other scanners aren't doing more in this area.
I'm confident that many - if not most - Web sites/apps that are deemed "secure" are just one weak password away from getting hacked...the weak passwords are there, they're just being overlooked. Unless and until we start seeing better password-cracking capabilities built into all mainstream Web vulnerability scanners this flaw will remain and surface its ugly head in any given system. It's just a matter of time.
Tuesday, March 23, 2010
I see it practically every time I'm at a coffee shop - someone leaves his/her laptop sitting at the table while he/she goes out to take a phone call, use the restroom, smoke a cigarette, or talk with an employee across the store, giving someone with ill intent enough time to snatch the computer away or, in some cases, sit there and monkey around with the computer.
All it takes is about 60 seconds for someone to hop onto an unsecured computer, access sensitive files stored locally or via the corporate VPN and then delete them or email them out.
Combine this vulnerability with unencrypted hard drives and Microsoft's new always-on mobile intranet connection called DirectAccess and you've got yourself a big problem on your hands.
Download it and learn more about:
- New Web application security challenges
- Assessing your Web application security
- Beating common Web security attacks
- Hacking your own applications
- Web application security best practices
Reminds me just how cheap talk can be when the marketing machine gets its way - especially with "cloud computing". Look more at the actions of businesses and people and less at the words. There you'll find what they're made of.
Monday, March 22, 2010
"In our world of infinite wants but finite resources, there are only two ways to allocate any good or service: either through prices and the choices of millions of individuals, or through central government planning and political discretion."
You hear me say a lot that those in control of information security have a choice in the matter...and, as Dr. Phil McGraw says, you choose the behavior you choose the consequences. So be it.
But we individuals in our own personal lives here in America are losing our ability to choose. It's our new reality with Obamacare and, I suspect, many many other things to come. The politicians know better than the people...and it's all our fault.
I'm going to miss the days when we were in control of ourselves...when we were free.
You probably think I'm crazy. I really don't believe I am...I just see what has happened since the beginning and understand what all of this government control will lead us to. The decisions made this weekend will change our country deeply forever. Everyone will understand sooner or later.
Ensuring proper data deletion or destruction of backup media
Frederic Bastiat once said "When plunder becomes a way of life for a group of men living together in society, they create for themselves in the course of time a legal system that authorizes it and a moral code that justifies it."
In the same spirit, I want to send out a sincere and heartfelt Thanks! to all my fellow Americans who voted for "Hope" and "Change" putting a Marxist-loving community organizer into power that has led to the passing of this healthcare "reform" monstrosity.
- I want to thank all the people who cannot think long term.
- I want to thank all the people who do not take responsibility for their own choices and actions.
- I want to thank all the people who vote for a living.
- I want to thank all the people who use the police power of government to mooch off of others who actually work for a living.
- I want to thank all the people who believe that government can solve all their problems.
- I want to thank all the people whose selfish dependence on government takes top priority above all.
- I want to thank all the people for supporting politicians who want to force their ideals upon us for the sole reason of gaining control of us and maintaining their own political power.
- I want to thank all the people for supporting politicians who could only pass a bill by manipulating and cheating a well-defined set of rules and procedures.
- I want to thank all the people who believe that Socialism and Communism are "other people's problems" - things that America could never evolve into.
- I want to thank all the people who voted for George W. Bush and all the other spineless Republicans who have played a big part in where we're at today.
- I want to thank all the people whose desire for "Hope" and "Change" have helped diminish the opportunities this country had to offer my kids and my future grandkids and, instead, created a scenario for everyone to work harder with less payoff.
I'm just furious at what we've let this country become. The wars that have been fought...the lives that have been lost...the toil our Founding Fathers endured....All of that to end up like this.
Shame on us.
The state of email content filtering - and what you can do
Solidify your Exchange email server incident response plan