Showing posts from October, 2011

VirusTotal - Free Online Virus, Malware, and URL Scanning

I found out about VirusTotal today. It's run by a Spanish company, and offers free, online virus checking.

http://www.virustotal.com/index.html

The best part in my mind? It's crowd-sourcing your anti-virus. You submit a suspect file, it's scanned by 42 different anti-virus applications, and the results get displayed to you. If the file is picked up by at least one of the 42 anti-virus programs, then they each get a copy of the file to test to improve their products. By you testing a file, you're potentially helping keep everyone safe.

Reading List for 24 Oct 2011

A few good articles I read today:

Tool lets low-end PC crash much more powerful webserver
Hackers have released software that they say allows a single computer to knock servers offline by targeting a well-documented flaw in secure sockets layer implementations.
http://www.theregister.co.uk/2011/10/24/ssl_dos_tool_released/

Down the Rabbithole Podcast Episode 4 - Effective Small Business Security
http://podcast.wh1t3rabbit.net/down-the-rabbithole-episode-4-effective-small-business-security

Pocket Guide To Securing Mobile Devices
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device.
http://www.darkreading.com/security/vulnerabilities/231901557/pocket-guide-to-securing-mobile-devices.html

Stay Cool, Nobody is Calling Your Baby Ugly
Conversations for developers and information security specialists.
http://www.veracode.com/blog/2011/10/stay-cool-nobody-is-calling-your-baby

Electronic Communications Privacy Act and the Cloud

Great article from Threat Level. Worth the read, and giving some thought to how you or your company may be affected, especially if you are a foreign company with cloud services in the United States.

ECPA allows the government to obtain, without a warrant, any content stored in the cloud — such as files in a Dropbox account, if it’s older than six months. It goes without saying that there was no such thing as cloud-storage services available for the average Joe Sixpack when Reagan was president. Now those services have become mainstream, yet the Reagan-era law applies.

http://www.wired.com/threatlevel/2011/10/ecpa-turns-twenty-five/

Running a Security Program without a Budget

I've been thinking more and more about small businesses and security recently. Most small businesses don't have the budget to run their own security program. These organizations, which employ many, many people, are often left vulnerable. Larger organizations have the budget to fund a security program, while most small businesses don't.

I've pointed out before that most small businesses don't have an information security program. I spotted a great article earlier today that dealt with the concept of security below the poverty line, and it contained both a podcast and a link to a research paper published by the 451 Group. I'm not going to link directly to the research, as the 451 Group decided to make it available for free through The Ashimmy Blog, and not through my site. Credit where credit is due.

As a small business owner, what 4 steps can you take to drastically improve your security?

Introduce an acceptable use policy. Let your employees know

SANS Ouch! - October 2011

The latest edition of SANS Ouch! is out. Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manager, mail room clerk or your parents.

This month's newsletter deals with a critical step in protecting your data. Backups. I encourage you to take a look, and disseminate it to your staff. In fact, they even encourage you to do that.

http://www.securingthehuman.org/resources/newsletters/ouch

It is available in English, French, Arabic, Italian, Korean, Malaysian, Polish, Portuguese, Spanish, and both Simple and Traditional Chinese.

You can now follow Securing the Human on Facebook and Twitter too.

http://www.facebook.com/securethehuman
http://www.twitter.com/securethehuman

Conference Call Systems and Security

I found a very interesting article talking about the security surrounding conference call systems, and the ease with which some systems allow you to eavesdrop on calls.

Your competitors are simply dialing into insecure conference call lines and silently listening in. This happens at all levels … from the executive team making bajillion dollar decisions all the way down to those of us in the trenches talking shop on the technologies we use to build solutions. And the problem is only going to get worse as the workforce continues to migrate to more distributed environments.

It's a great article, and a really good read. I even mentioned it to an acquaintance, and he told me of a time it happened to him.

The Vulnerability We All Love to Ignore - NovaInfosecPortal

Scary. (And not in a good Halloween-type scary...)

Domino not starting on Windows 2008 R2

If you are like me and set up your Domino server on one IP address and then move it to another, under Windows 2008 R2, you may end up in a situation where the server refuses to start after you change the IP address.

To fix it, add the following line to your notes.ini file, replacing 192.168.100.50 with the IP of your server:

TCPIP_ControllerTCPIPAddress=192.168.100.50:2050

Facial Recognition on Spark

There are many privacy concerns about facial recognition. Imagine being able to identify someone by taking their photo with your phone. What about combining that with cloud computing to determine someone's address, and date of birth? Or perhaps their Social Security Number?

Worse yet, who is already using facial recognition? What if the police were using it in conjunction with CCTV feeds to track you, or someone you know? What if criminals were instead?

There was a great piece on Spark, a radio show on the CBC that shows how technology affects our lives. I encourage you to have a listen.

http://www.cbc.ca/spark/2011/09/spark-157/

Published: Securing Lotus Domino For the Web - Email Relay

Due to issues I had with Scribd, I'm posting my paper entitled "Securing Lotus Domino For The Web - Email Relay" here on my site. Enjoy!

Securing Lotus Domino for the Web - Email Relay