Roger's Information Security Blog

I installed Tynt Insight on here tonight.   Tynt is JavaScript on the webpage that tracks when cut and paste is used on the page.  More importantly it adds attribution.   Generally when I’m copying a couple of sentences to quote in a blog post I have to grab the URL separately.   This makes it a one step process, so attribution is more likely.  

So if I have written:

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi.

When that is copied and pasted it will look like

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi.

Read more:  http://www.infosecblog.org/apage.html#ixzz0JSUnUmvQ 

 I saw it in use on Wired and really wanted it, so I tracked down what they were using and then did some more searching.   I see some people think it’s really obnoxious.   I think it just helps people attribute properly, and isn’t in your face otherwise.

There are WordPress plugins to add Tynt so I don’t even have to edit the theme.  So far easy as pie.  

 If you think Tynt is creepy there is a opt out available at their site.

I decided to move over to WordPress. 

Currently I’m working on keeping thinks up and running with a minimum of 404s.  Once all of that is cleared away I’ll be looking for something besides the default theme.

Commenting is set to moderate first time posters.   I dont know if wordpress is smart enough to recognise old posters.   Once I see that the spam filtering is still ok, I’ll probably loosen that up.

6 years ago I started blogging.
I keep hearing people disparaging blogging. The kids today think blogging is too lengthy, just tweet it. The CEO thinks he doesn’t have time to read a blog, so put it in a podcast. The tech guy says who uses RSS anymore. The Facebook “Like” button is taking over the web as the new way to share a link. I’m still having fun with it. I still have people stopping by to make me part of their day. Thank you readers.
Here’s to another year of making our computers safer and protecting our data.

I noticed this week that a site out there is using wp-o-matic to present my work as his own information security blog.
Some people incorrectly think that a RSS feed is a permanent license to do whatever you want with content. Its not. While it doesn’t look like it, I do spend a lot of time on posts trying to make them semi-literate. Reposting withing credit or link-back steals my Google juice. Without attribution they are clearly plagiarizing my work. Not cool.
I think that presenting my work as his own is a violation of the CISSP ethics.
I may need to put a footer on each post in the RSS feed. “This post and more like it are available at Roger’s Infosec Blog www.infosecblog.org”
If you’re interested in learning more about your rights as a blogger regarding plagiarism check out CopyScape
This post is not about the people who have asked and the people who do link back. I appreciate that you like my work and provide some traffic back my way.

I’ve used Twitter as a follower for a while now. I’ve decided to create a Twitter account for Infosec related stuff. Mark Cuban says more people find his blog via twitter or Facebook than Google. That is generally going to be people sharing links. Lets face it, his controversial posts are designed to create a link-storm. My posts, not so much. However it is true that Twitter is used as a search engine for people looking for up to the minute information. Also while its kind of a no-no in my opinion to ask for link sharing on a website, follows in twitter of routinely done.
It seems a bit foolish to open another account to update when my updates to the blog have been less frequent. Fortunately the twitter lifestyle doesn’t require a spell-check. Please shoot me if I ever spell “you” as “u” however.
Follow me on Twitter @InfosecTweet

A little housekeeping blog post.
I’m moving webhosts this week. My old host is progressively more annoying. A few years ago the owners sold out to a company that operates many web hosting brands. After quite a bit of migration headache, things seem to have stabalized. Nevertheless, my contract is finally up, and I’ve decided to move on. I have a real problem with the attitudes displayed by the moderators on the hosting companys forum. It was once a place of help. Now all they do is quote “we are not $company employees, contact $company support.” So much for peer to peer help. The last straw for me was when many customers were hacked and the company didn’t communicate beyond forcing a mass password change.
The new host has SSH access which should make routine maintenance a bit easier. They also offer 50 GB of space off for non-website related things like backups.
During the transition, I decided to refresh my style a bit. (although I am worried that this one is used by too many people already). The new style caused my AJAX comments to not work. So we’re back to the default comment submission method. That means more spam in the moderation queue.
So pardon the dust as I find widgets to add/remove.

I installed the Facebook Connect Plugin for MovableType. Its supposed to allow you to login using Facebook credentials and share the comment back to your Facebook wall. The login seems to be working sort of ok in Firefox (once I allowed all the Facebook javascript to run). But in IE, its not working at all. I’m not sure if that is because I am using AJAX comments or if its caused by something else.
That is the state is going to remain in for a while.

I’ve upgraded the blogging software over the weekend so let me know if you spot any troubles. You can get an email address for me on the home page, just click on the link and solve a recaptcha.
Now that I’ve upgraded, I have OpenID 2 support which allows me to offer Yahoo logins for commenters. Unline the AIM openID login, Yahoo allows you to setup a alternative screenname (and by default uses a guid which is really unfriendly) so your email/IM address isn’t disclosed in the process.

I was reminded by a commenter that I’ve missed my blogaversary.
Four years ago yesterday I began this blog.
Time sure flies by.
Thanks to search engines that found the site. Thanks to feedburner for letting me know how many people have subscribed via RSS (or ripped the site off via RSS). Thanks to the readers and to the commenters. Thanks to MovableType for providing the software.
Here’s to another year securing computers and data.

I have installed the AJAX comment system. It has the side effect of requiring javascript being enabled in your browser to submit a comment.
I’ve also re-enabled anonymous comments. Hopefully the javascript will throwoff some of the automated comment spammers.
I’ve seen a press release from Yahoo stating they are implementing an OpenID beta at the end of the month. Hopefully shortly after that there will be a plugin to make using Yahoo accounts to comment here just as easy as using AIM accounts.