Archive for December, 2008

7 results.
Dec30

The scourge of default passwords

by Michael Farnum on December 30, 2008 at 8:33 pm
Posted In: Security

One security issue that befuddles me is the default password issue.  When you put a device in an Internet-facing position, you really should make sure the password is not set to the default.

You can probably guess why I am ranting.  Yes, a client for whom we are performing a security assessment just received their first status report, and that report showed a MAJOR device on the Internet was set with a default password.  This device literally controls their Internet connection, and THEY HAD A DEFAULT PASSWORD ON IT.  Argh…

Normally I would write this kind of post pretty quickly in Twitter, but I really feel like it warranted a  blog post since it is such a pet peeve, especially since my blogging here has become almost nonexistent since I can summarize things so quickly in Twitter.  It seems to fit the way my brain works.  Of course, that is a whole other post.

Vet

Comments Off
Dec25

Merry Christmas to all

by Michael Farnum on December 25, 2008 at 8:47 am
Posted In: Security

image

Vet

Comments Off
Dec24

An Information Security Place Podcast – Episode 12

by Michael Farnum on December 24, 2008 at 4:13 pm
Posted In: Podcasts

 

Link to MP3

MERRY CHRISTMAS and welcome to Episode 12!  I have been sick all week, and it hit me hard yesterday and today.  So Jim and Kirk saved the day and recorded the podcast without me.  I am a little bummed that I was not on the last podcast of the year, but you would not have wanted to listen to me sounding all nasally.

So thanks to Jim and Kirk.  Here are the…

Show Notes:

InfoSec News Update:

Discussion - Using Local resources for Social Engineering

Geek Toys – Last Minute Geek Gift Ideas

Consultant’s Corner - 2008 Year in Review – the Consultant’s Perspective

Music Notes:

└ Tags: , , , , , , , , ,
Comments Off
Dec23

Another Apple Software Update

by Michael Farnum on December 23, 2008 at 11:53 am
Posted In: Apple, Sheesh
Technorati Tags: ,,

How much more crap can Apple try to fool me into installing on my machine?  Makes we want to uninstall QuickTime and iTunes.  Are they trying to convert  PC’s into Macs?  Sheesh!!

image

Vet

Comments Off
Dec11

Good Nessus 3 PCI scanning video

by Michael Farnum on December 11, 2008 at 12:27 pm
Posted In: Security

image There’s a good video on scanning for PCI compliance with Nessus 3 over at The Academy.  Go take a look.

BTW,  there’s a lot of other good stuff over there as well.  Peter and that group have put together a lot of great content that is relevant.  Browse around while you are there.

Vet

Comments Off
Dec11

An Information Security Place Podcast – Episode 11

by Michael Farnum on December 11, 2008 at 7:22 am
Posted In: Podcasts, Security

 

Link to MP3

Show Notes:

Segment 1: InfoSec News Update (Michael gets to do a little talkin’ here – and he promptly screws it up):

  • New Security Awareness video on YouTube – kinda cheesey, but a pretty good production
  • Digittrade HD Encryption Broken- “in our test, unscrewing the housing took longer than cracking its encryption mechanism.”
  • Lenovo’s new Facial recognition software defeated by printed photo
  • Massachusetts new law – 201 CRM 17.00 – “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information” – a civil penalty of $5,000 may be awarded for each violation of 93H. In addition, under the portion of 93H concerning data disposal, businesses can be subject to a fine of up to $50,000 for each instance of improper disposal.  Requires – Regular Monitoring, Documenting responsive actions taken during breach, and reasonable monitors of systems.
  • File Under DUH!Symantec Discovers Cybercrime makes money – estimates value around $1.7Bil
  • Really simple PCI FAQ that you should be aware of
  • Apple and the AntiVirus Debate – In a written statement sent to security news site Securityfocus.com, Apple explained their decision to pull the document: “We have removed the KnowledgeBase article because it was old and inaccurate,” Apple said in a statement sent to SecurityFocus. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.”

Discussion: BLATANT FUDPatching at the Enterprise level – Securina “virtually every Windows PC is at risk” – 98% of Windows computers are missing patches – 46% were missing more than 11 patches

Segment 2: Geek Toys and Consultants Corner

  • Geek Toys – Kensington Portable Power outlet – AS SEEN ON REGIS AND KELLY!!!!
  • Consultants Corner – Helping client dealing with a breach (specifically as how it relates to compliance issues)

Music Notes: NEW – CHECK OUT THE LINKS TO THE BANDS ON PODSHOW.COM

Vet

└ Tags: , , , , , , , ,
Comments Off
Dec03

Pretty cool security awareness video

by Michael Farnum on December 3, 2008 at 8:48 am
Posted In: Security, Security Education

A fellow CISSP shared this link to a security awareness video his company produced.  It is well done, though some of the characters might not be familiar to anyone that is not a Gen X’er or older.  Restrictions for use should be nonexistent as well since they posted it on YouTube, but don’t quote me on that.  Take a look.

UPDATE: From the person who shared the video:

This video is free to use.
I would like to note that the Duh’s Video was inspired by Scott Pinzon and
the Watchguard Bud videos.

Vet

└ Tags:
Comments Off