Josh More's Blog's Comments

Comment on Certification – Conclusion by UnBlock MySpace

UnBlock MySpace — Fri, 26 Jun 2009 11:08:51 +0000

Who does your SEO work? Nice Job!

Comment on Mythic Monday – The Bunyip by Paul

Paul — Tue, 19 May 2009 03:04:47 +0000

Avoid porn & gambling sites – AND file downloads! That cool game or tool that you read about or saw a link to? Why would you trust it?

Comment on Small Business Attack – Denial of Service by Josh

Josh — Thu, 14 May 2009 13:17:18 +0000

You are quite right to tisk me.

What happened was that I migrated my old site over to Joomla and Wordpress. At initial launch, both of them were properly standards-compliant, but as updates were applied and different modules/extensions changed, it drifted from that. I realized this a few months back, but was working on a site redesign, so I figured that I could just handle it then.

However, you’re right, I should remove at least those tags now.

They’re gone. Thanks for letting me know.

Comment on Small Business Attack – Denial of Service by Matt

Matt — Thu, 14 May 2009 02:01:13 +0000

You might want to remove your valid xhtml tags from the bottom of your pages…the current one has 32 errors and 10 warnings…another page i checked had 2 errors…tisk tisk

Comment on Mythic Monday – Medusa and Immutability by Josh

Josh — Wed, 25 Mar 2009 02:20:51 +0000

That was an interesting article, and like many of the commentators over there, I’m not terribly surprised. I had hoped that Medusa was still part of our common culture, but I suppose I could be wrong. I know that when Neil Gaiman wanted to do an Orpheus story in Sandman, he realized that he had to basically retell the entire story, because most people wouldn’t catch the allusions.

Society morphs as time goes by, and the common culture milestones become decreasingly common. I think that this is OK and just how things go. However, I hope that posts like the Mythic Mondays approach security from an interesting angle as well as potentially introducing readers to stories that they might not be too familiar with. (Thus far, they’ve been Greek-heavy, but that’s not going to last, believe you me :) I try to identify the particularly weird ones and give a bit more context. I don’t know how well I’m doing at that yet, time will tell.

I am certain that there are some very interesting security lessons to be learned from more modern sources like movies and video games. However, I am simply not familiar enough with those sources to write about them. Maybe someone else (someone younger?) will pick up that torch.

Comment on Mythic Monday – Medusa and Immutability by Paul

Paul — Tue, 24 Mar 2009 23:54:39 +0000

I was shocked to learn how few people actually do know Medusa and other common tales that most of us take for granted. (And these statistics are from well-educated people.)

http://scienceblogs.com/cognitivedaily/2009/03/casual_fridays_generation_gap.php

good points, though.

Comment on Small Business Defense – AntiPhishing by Paul F

Paul F — Sat, 21 Mar 2009 00:04:27 +0000

Some other things that help:
* User should not have administrative rights on pc. Ideally, one should run the email client as a user with minimal permissions. On XP, you could set up a shortcut that uses run-as.
* Text email really isn’t that bad. Outlook and Thunderbird both support showing email as text, and give you the option to switch to HTML on an email-by-email basis. This way, you view those only those emails in HTML that you trust. Of course, getting average users to buy into this isn’t easy. It takes some getting used to, but it works.
* Email should run in a sandbox. Look at how much better Chrome has performed over the other browsers at CanSecWest, due to its sandbox approach. Shouldn’t email take the same approach.

Comment on Small Business Defense – Antimalware by Josh More - Starmind Blog » Small Business Defense - Patch Management and Defense in Depth

Thu, 19 Feb 2009 14:13:50 +0000

[...] can apply hardening techniques like those above and antimalware techniques like HIPS, as mentioned earlier. You can lock down your network and user rights. There are a lot of other things that you can [...]

Comment on Small Business Defense – Antimalware by Kim Singletary, Solidcore

Kim Singletary, Solidcore — Thu, 12 Feb 2009 17:56:02 +0000

One of the issues is understanding what is malware. On a general basis it should be classified as ANY software that was not authorized to run on a system. The defense is how to protect it from landing on your systems. The best way is to have strong controls not only at the application but also at the configuration level. Many of today’s malware are entering through other applications (browsing, injections etc) and some are stealthy that they are disguising as drivers and java code. Strong file integrity monitoring and dynamic whitelisting could actually save money in the long run by providing a host defense against 0-day vulnerabilities and other changes. The key is to keep it all running after all!

Comment on Grinnell and Giving by Nate

Nate — Wed, 17 Dec 2008 04:53:01 +0000

Like you I also went to a small liberal arts college that is now trying to grow. They used to have a cap at about 1200 students and they are exceeding that now and building new facilities and larger dorms.

Ego comes into play. Every school president wants to have a building project or addition — something to be remembered for during their tenure.

I wonder if these schools look at their costs and the number of students they have and and realize that the number of students they have is not enough to support their continued operation long term. Maybe there is some king of magical “tuition to services and programs ratio” that a smaller school would have difficulty achieving.

It was once explained to me that when you give back to the school and the school grows and improves that long term it will enhance the value of Alumni diplomas as well. Frankly, I would rather see the schools grow better than bigger. I suspect there may be ways to do this without substantially growing the size of the student body, but that it would be the harder path.