tag:blogger.com,1999:blog-3284867220237006472024-08-28T15:21:31.905-07:00GEEK SpeekrG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.comBlogger10125tag:blogger.com,1999:blog-328486722023700647.post-44817564913050175532007-05-31T10:26:00.001-07:002007-05-31T11:08:08.245-07:00Back in January (damn, that seems so long ago) I made the statement that, despite the Microsoft push for Vista as a security panacea, security is not a good reason to move to Vista (see So long Superman... Vista will save the world).CRN Australia today just published an article "Vista, XP users equally at peril" detailing Test Center engineers validation of my statements.Reading through their rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com1tag:blogger.com,1999:blog-328486722023700647.post-58248491796771844662007-04-09T14:41:00.000-07:002007-04-09T15:41:24.612-07:00Credit Agencies - The Ultimate ScamAdam, over at EmergentChaos recently blogged about The Cost of Disclosures, and a Proposal, wherein he proposes that there must be [paraphrasing] some trade-offs to disclosing security breaches of non-critical information vs. breaches of significant information. One statement in particular caught my eye:I'd be perfectly willing to forgo personal notification of the theft of credit card numbers. IrG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com6tag:blogger.com,1999:blog-328486722023700647.post-89917917636371913972007-03-30T12:52:00.000-07:002007-03-30T13:20:07.831-07:00Blog RedirectsI've never been a big fan of people who post blogs that just point to another blog posting, essentially reiterating the original point. I've always thought the motivations behind these can too often be lame attempts at name recognition, increase hit-counters (ad-counters), or just the "I want to be part of something bigger" that I feel permeates the blogosphere.I do feel there is some merit in rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com4tag:blogger.com,1999:blog-328486722023700647.post-7548166448615729862007-03-27T09:08:00.000-07:002007-03-27T09:41:56.769-07:00New Toronto Security ConferenceIn the past, Toronto has hosted a bunch of Security conferences, but most of these, like InfoSec Canada, are essentially technology trade-shows. Surprisingly, there hasn't been anything like CanSecWest in Toronto which focuses on showing people new and interesting ways that they may be attacked, and not simply pimping their products - essentially, educating the security geeks (like me) on the rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com0tag:blogger.com,1999:blog-328486722023700647.post-29252788991387539802007-03-23T11:19:00.000-07:002007-03-23T11:23:55.869-07:00Whitehouse Directive 2SANS just posted more info - there are now links to these documents which didn't exist up to yesterday (I've been checking daily).UPDATE: FLASH REPORT ON THE WHITE HOUSE SECURE CONFIGURATION MANDATEThe White House posted a second memo last night, confirming its mandate that all federal agencies must use secure configurations if they choose to deploy systems that run Windows Vista or XP. The rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com0tag:blogger.com,1999:blog-328486722023700647.post-23065288981718214082007-03-21T05:06:00.000-07:002007-03-21T05:31:00.208-07:00Whitehouse Directive: All systems acquisitions must run on Hardened ConfigurationsI can't seem to find a link at either DHS or Whitehouse.gov sites yet, but SANS released this information yesterday:FLASH ANNOUNCEMENT: The White House just released (at 9 AM Tuesday, March 20) a directive to all Federal CIOs, requiring that all new IT system acquisitions, beginning June 30, 2007, use a common secure configuration and, even more importantly, requiring information technology rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com2tag:blogger.com,1999:blog-328486722023700647.post-19153601923614375972007-01-09T06:20:00.000-08:002007-01-09T18:13:26.832-08:00Dealing with Logs (Part 1): What Vendors don't tell you about Log ManagementOne of my pet projects is log management. Yeah, I know - log management doesn't sound like fun - and most of the time it's really not. I became interested in log management when the company I work for wanted to consolidate all the firewall, IPS, etc. logs for easy review and, ideally, correlation. This became a pet project of mine simply because of all the MISINFORMATION many of the vendors were rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com8tag:blogger.com,1999:blog-328486722023700647.post-89242258286339945862007-01-04T06:44:00.001-08:002007-01-04T06:48:28.731-08:00Month of Apple BugsIn my last post (just a few minutes ago) I mentioned that it's the Month of Apple Bugs. Logging onto a local security user's group website that I'm member of: TASK, a fellow geek (opensrc) posted an article on the forum pointing out that Landon Fuller is attempting to patch the each of the Apple vulnerabilities each day after they come out using Application Enhancer.Kudos to Landon - sounds like rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com1tag:blogger.com,1999:blog-328486722023700647.post-71823461717353081372007-01-04T04:56:00.000-08:002007-01-04T06:14:34.671-08:00So long Superman... Vista will save the worldI've read a lot of articles recently like this one, often quoting (mis-representing?) some very respectable sources such as SANS and Postini. They imply that Vista will somehow magically fix all the security woes that MS has been undergoing and that the internet will be a magically safer place. I'm sorry people, but that's just a pipedream!Is Vista more secure than previous OSes - for sure. Will rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com1tag:blogger.com,1999:blog-328486722023700647.post-63336932857192744962007-01-03T07:50:00.000-08:002007-01-03T08:14:29.601-08:00Gotta start somewhereThey say starting something new is always difficult - and surprisingly, I've put off creating my own blog for a long while. Not sure why that is: I'm not a shy person, I don't really care if people disagree with me or don't like what I have to say, and I'm certainly not afraid of my own opinion.So today, being a nice, slow day at work :) I decided to finally step up and do what several of my rG0d (CISSP, GCIH, GEEK)http://www.blogger.com/profile/16695420070891007433noreply@blogger.com1