
Category Archives: Information Security

Security

  • VSR uses some high-ish profile attacks from 2010 to provide fodder for the VAR community :: Security Risk: Top Hacker Attacks of 2010. I include it as the examples they provide should make it easier for folks doing presentations where they need to show real-life attacks (without sifting through the individual entries at the various data breach web site databases). [Vertical Systems Reseller]

Windows

  • Windows 7/2008 SP1 looms large. OEMs, VLCs & MSDN/TechNet subscribers get it on February 16th and the rest of the masses can give it a go on February 22nd. It looks like it has a decidedly enterprise-y focus, but one can hope it continues Microsoft on the path to robust desktop & server experiences :: Announcing The Availability of Windows 7 and Windows Server R2 SP1 [Microsoft]
  • Autoruns – the ability to automatically perform tasks when certain devices are made available to Windows systems (e.g. USB sticks) – are a boon to malware writers. While Microsoft has somewhat mitigated the threat they pose in more modern versions of their operating systems, it can be tricky to make older systems safe. With the latest round of Patch Tuesday updates, they included a way to disable Autoruns in older systems. W00t! :: Microsoft Update Offers an Easier Way to Turn off Autoruns [PC World]
  • Succinct and informative article by Chris Sanders on how to determine if your system is being actively compromised. Chock full of screen shots and examples of what to look for. While not exactly aimed at the general Windows community, it does provide a solid introduction to core tools that technically-inclined users should make room for in their toolboxes :: http://www.windowsecurity.com/articles/Determining-You-Actively-Being-Compromised.html [WindowsSecurity.com]

Programming

  • Pageforest helps you ship complete web applications without having to write any server-side code. You can build your application using HTML[5], CSS & javascript and the Pageforest service provides application hosting, user authentication & data storage. You only use client-side javascript and are free to include jQuery, Prototype or any other frameworks that you need to include in your app. Hosting is currently free and the site includes a full IDE to help you get started coding :: A Pure JavaScript Web Application Platform [pageforest.com]

Security

  • Originally meant to improve the security of jailbroken iOS devices, antid0te is now also available for OS X Snow Leopard thanks to the efforts of Stefan Esser. Since Apple engineers did not see fit to load the dynamic linker – dyld – at a random base address, they left a fairly significant hole that even Windows engineers managed to cover up. Stefan provides step-by-step instructions for rebasing your dyld install to give your Mac an even stronger security posture :: Antid0te for Mac OS X Snow Leopard [antid0te.com]
  • Travis Goodspeed took his badge from The Next Hope conference and turned it into a promiscuous sniffer for the Microsoft Comfort Desktop 5000 and similar 2.4GHz wireless keyboards. This is a good reminder of how oblivious folks can be to convenience technologies they use every day. It also speaks to just how easy it is to hack consumer-oriented hardware :: Sniffing RF hardware communication packets [Travis Goodspeed’s Blog]

Startups/Access Management

  • This is an outstanding tutorial on how to manage access permissions to Dropbox folders. I can only hope to get my enterprise data owners to be so careful about how they dole out access to critical data :: HOWTO use Dropbox to organize your startup’s documents [RevenueLoan blog]

Security

Programming

Interesting points/counterpoints on the efficacy of Node.js being tied so closely to the V8 javascript engine:

HTML5