Security

Script for backing up to Google Nearline storage

November 11, 2015
For Everyone, Linux
No Comments

Recently I’ve been working on a mechanism to mirror a dataset from a local filesystem to Google Nearline cloud storage in an encrypted format. The costs are really the compelling factor. While I could buy some hard drives and put them at another location (called the colo-buddy system!) it just made sense to not have to deal with the logistics, maintenance, power, network, etc… Of course being me, it’s a PHP cli script, because well – me. If you’re looking…

Read More

The Internet, Privacy and your Kids!

October 2, 2006
Privacy
No Comments

If there’s ever been a touchy subject to deal with parents, it’s the raising of their children. Unfortunately in some cases it can be even worse if the parents know their own deficiencies but choose instead of facing them to let poor behaviors continue. (It’s not hard to be an Ostrich with your head in the sand.) …on that note, has anyone ever seen an Ostrich with its head in the sand? But I digress. I’m going to do my…

Read More

Government Wire-Taps

May 22, 2006
For Everyone
No Comments

There’s so much huff and puff lately about “government wire-taps”. So many people are freaking out about the erosion of civil liberties or discussing how it’s simply “illegal”. Well the facts remain: Any evidence found in a tapped call where there was no warrant is not admissible as evidence in a court of law. This means if someone does admit to committing a crime, they can’t be charged with that being used as evidence. People are losing their minds worrying…

Read More

Browser Flare-Ups

December 1, 2005
Security, Vulnerabilities
No Comments

All the rage has lately centered around the recent escalation of a “Denial of Service” Internet Explorer vulnerability that has suddenly without warning become a “remote-code execution” vulnerability. Ok, patch your systems, lock your windows and post a dog at the front door. All that aside, this raises again the issue of software patching response times and best-practice software coding. There are a number of people who are very upset at this, not because it’s yet another browser-directed exploit or…

Read More

Lock the doors and throw away the ethernet ports

October 21, 2005
For Everyone
No Comments

When a computer is connected to a network to download the latest security patches for the first time, it is truly a sheep among the wolves. Recently I wrote about this and now CERT has taken the time to publish guidelines for new computer owners. After all as they point out, the time for an unprotected computer to be compromised is measured in minutes on many networks. Many probably do not make the correlation between home computers and UCE/SPAM, DDOS…

Read More

Password Policies

September 27, 2005
Policy, Security
No Comments

I’ve finally found a password policy I can live with! Minimum length 8 characters Not in any dictionary. No word or phrase bearing any connection to the holder. Containing no characters in the ASCII character set. No characters typeable on a Sun type 5 keyboard No subset of one character or more must have appeared on Usenet news, /dev/mem, rand(3), or the King James bible (version 0.1alpha) Must be quantum theoretically secure, i.e. must automatically change if observed (to protect…

Read More

Firefox fighting the flames

September 23, 2005
Security
No Comments

Anyone who regularly reads my writings knows that I’m a strong proponent of Open Source software and the value it holds in the information community. Unfortunately in the interests of marketing, attempts are popping up to try to shake that foundation for Firefox. Basically there have been a couple high-risk vulnerabilities discovered in the code which are receiving dramatic amounts of publicity. This publicity is not actually because vulnerabilities in Firefox are often this serious, but because simple conclusions have…

Read More

New OS Installation Security

September 20, 2005
Security
No Comments

From a completely random blog involving a new installation of Windows XP: But eventually it all worked. Well, I think it worked. It was too late to actually try anything. Now I need to get it on our network so I can connect to the internet and install all the security updates. This leads me to think how many machines are compromised before well-intended patching takes place. Joe is sitting at his computer at 2:00am after fighting through a new…

Read More

Security Agenda Gaps – Veils for Society

August 22, 2005
For Everyone
No Comments

As illustrated in Bruce Schneier’s blog, the TSA is reconsidering their stance on security measures they’ve deployed against – what Mr. Schneier terms – “small pointy things”. (Clearly not in reference to some people’s minds.) In no surprising turn, this has a few ‘interested parties’ concerned, but truly that goes without saying and will go without saying more; for now. However in a follow-up comment, he points out how this relates to his concept of “agenda”. Now pardon me if…

Read More