Archive for How To
Author: Dave Lewis
December 10, 2007 at 4:46 pm · Filed under How To, OS Security
Apparently, Microsoft feels it necessary to provide a primer on why/how IT managers should upgrade to Vista. I guess this means that Vista must be worse on sales than was initially ballyhooed. Circling the bowl like Britney’s career?
The primer that I mention, entitled “How to Justify a Desktop Upgrade”, appears on a web page found on their Microsoft Canada website (via Slashdot) which says,
“The problems with positioning upgrades is that, from a user perspective, the changes may not seem significant. But from an administrative perspective, some of the security features are huge,” he said.
“So, as an IT person, who is responsible for the security of the company from viruses and for making sure that everyone is safe, there are many features in Windows Vista that I like. It does a great job of keeping people from being able to browse certain sites. It protects from viruses, because there are a lot more things that will get locked down, and the lock down tends to be tighter. You have a tougher time having things happen accidentally. Probably the biggest hassle from a security perspective [with past technologies] is that users tended to run as administrators. In Vista, that’s not the default anymore.”
OK, so this is a patch for XP then? Is that the rationale? The article goes on to outline how XP is more expensive to run than Vista. Hmm, hardware upgrades must have come down in price and I missed it (yes, I’m being sarcastic).
I love this closing line from the document:
“The increase in security – the inability for users to just simply install stuff, means that you are decreasing the amount of reactive tasks that an administrator has to perform,” said Johnson. “This allows him to become proactive in all things you want in your company.”
Wow, I guess it’s time to upgrade…yes, more sarcasm.
This just tells me that Linux/Mac are beating Microsoft’s brains into the floor. No great shock there. I can only hope that the folks in Redmond spend a little less time with their Google fixation and get down to brass tacks.
Article Link
In case the page mysteriously vanishes in the night here is a .pdf of the original.
Tags: Vista Failure, Microsoft Selling Vista, Vista vs XP
Author: Dave Lewis
November 27, 2007 at 8:24 am · Filed under Education, How To
As we speed through the day we manage to forget things. Be honest, everyone does. I have managed to offload a lot of my day using GTD and Google, but that still doesn’t solve the memory issue (but it helps). How does one improve their memory, especially for a field such as security? Well, I found this article on Wired (dated Jul 13/07) that lists ways that you can “amp up” your brain.
Some examples:
Improve Your Memory.
Ancient Greek bards recited 10,000-line poems by heart. Their secret? The Method of Loci. Here’s how it works: To remember, say, a shopping list, imagine walking to the store. Use items on your list to construct incongruous visual images along the way – a carton of milk perched atop a mailbox, bananas growing on a rosebush, and so on. Then, when you arrive at the store, mentally retrace your imagined steps to retrieve all the items on your list.
Read better, faster.
Speed-reading courses preach a form of skimming that doesn’t help comprehension or retention. The best way to pump up the pace is to read a lot – for pleasure. In a 2001 study, subjects who read assigned texts increased their speed an average of 18 percent and comprehension by 11 percent. Those who read texts of their own choosing improved speed by 87 percent and comprehension by 33 percent.
Another one that they list deals with getting more sleep. Riiight, that’ll happen.
For the full list of suggestions follow the link. Have any suggestions that you would like to share?
Article Link
Tags: Improve Your Memory, Better Memory, Improved Thinking, Clarity Of Thought
Author: Dave Lewis
September 3, 2007 at 10:30 am · Filed under How To
Why can’t every data center look this good?
Read on for more examples over on MAKE.
Article Link
Tags: Data Centers, Data Center Wiring, Good Wiring
Author: Ben Blakely
July 16, 2007 at 8:13 am · Filed under App Security, Exploit, How To, News, Web Security
Fresh off the press… a dash of liquidmatrix hotness…
Here you go. On this page you will find a small POC (Proof of Concept) of a client-side (only JavaScript) spider that is based on the top of Yahoo Site Explorer PageData service which you can read more about from this page. I’ve been talking about client-side spiders for quite some time now over here and here and I even came up with POC based on Yahoo Pipes for my OWASP presentation on Advanced Web Hacking Revealed, which you can find over there.
Article Link
Tags: Yahoo Spider, Web 2.0, Javascript, Hacking, Spidering, OWASP
Author: Dave Lewis
July 12, 2007 at 1:26 pm · Filed under How To
In the course of my daily work I tend to have to rely on my lazy brain (read=Google) for information that I may have offloaded. Now here is a great resource that I stumbled on today. This is a list of cheat sheets…lots of them.
Enjoy.
Article Link
Tags: Cheat Sheets, Browser Short Cuts, Shortcuts
Author: Ben Blakely
July 11, 2007 at 8:14 am · Filed under App Security, Exploit, How To, Web Security
Good ole’ IE6 - rockin’ your Internet experience since 2001.
Apparently IE6 attempts to guess what you mean in certain circumstances allowing for rigid anti-XSS filters to fail when looking for precise terms like javascript: and vbscript: even after attempting to de-obfuscate. Rather than attempt to explain, take a look at this snippet from his email:
Article Link
Tags: IE6, XSS
Author: Dave Lewis
July 9, 2007 at 8:37 pm · Filed under Crypto, How To
Here are a couple of BitLocker guides from Microsoft.
The Windows BitLocker Design and Deployment guides describe the various aspects of planning for deploying Windows BitLocker Drive Encryption for Windows Vista® Enterprise and Windows Vista® Ultimate computers in an enterprise environment. The document is organized in two guides, and you should carefully consider each guide before you deploy BitLocker Drive Encryption.
Windows BitLocker Drive Encryption Design Guide
This guide provides a systematic approach when planning for BitLocker deployment and highlights the main decision points. This guide is intended for use by an infrastructure specialist or system architect. It assumes that you have a good understanding of how BitLocker and TPM work on a functional level.
Windows BitLocker Drive Encryption Deployment Guide
This guide provides detailed instructions on how to prepare Windows Vista images for BitLocker and how to deploy BitLocker in an enterprise environment. This guide is intended for use by a deployment specialist or deployment team. It assumes that you have a good understanding of how automated Windows deployment, Active Directory Domain Services (AD DS) schema extension, and Group Policy works.
Enjoy
Article Link
Tags: BitLocker, Drive Encryption, BitLocker Design Guide, BitLocker Deployment Guide
Author: Ben Blakely
July 3, 2007 at 12:41 pm · Filed under Exploit, How To, Web Security
Firstly, this theme is known for its rather high complexity and only a very limited number of individuals actually understand what is behind it. Therefore bringing people’s attention on it would surely not be amiss.
Secondly, there is no bulletproof solution to protect against this and the more people understand what it is about, the higher are the chances that we’ll come to a solution somewhen in future. Four eyes are likely to see better than two, so let’s start.
Article Link
Author: Myrcurial
June 18, 2007 at 5:30 am · Filed under Education, How To
Good morning all…
I’d like to introduce you to this wild new concept… a _MONDAY_ posting from yours truly.
The topical material for this new Monday feature is “How to do a good job of the real job of the information security professional.” AKA, do what you need to be doing rather than what you inevitably end up doing.
For this first column, let’s consider together the MITs (Most Important Tasks) for your upcoming week. This is an idea that I’ve snarfed from several of the current crop of productivity gurus (Merlin Mann, Leo Babauta and others) and it’s made a difference in my world.
Author: Dave Lewis
June 17, 2007 at 11:14 am · Filed under Apple, How To
The Viruslist has a handy how to for analyzing security on Mac OS X.
A year ago, Apple computer users were mostly design and DTP professionals, photographers and musicians. Last year, however, was a breakthrough year for the Mac in many ways. After Apple announced plans to manufacture computers with Intel processors, many began to look into Apple computers and consider them for home use. Software developers also noticed the growing popularity of Mac OS X and began to sell their own products for the new platform.
Nevertheless, Mac OS X is still poorly understood and a bit of a mystery both for users as well as IT security experts. This article aims to help readers better understand the features of Mac OS X which are critical when researching malicious programs designed for this operating system.
Article Link
Tags: Viruslist, Mac OS X Security, Mac OS X Tools