People often think they don’t need to worry about security because they have nothing of value to an attacker. In October Brian Krebs posted an updated chart on the value of a hacked computer. The Indian is reported to have used every part of the buffalo, letting none of it go to waste. While not …
SANS’ Securing the Human has a special deal for small and midsize business (up to 750 users). Through July 15th you can get their Security Awareness training for 3k. More info at http://bit.ly/LJbotq
Over on Symantec Connect (the Symantec support forum), I frequently see people ask about the ability to automatically scan a removable drive when it is connected to a system. They also submit it as an “idea”. The Idea section is where you can make product suggestions that users can discuss and vote up or down. I …
SANS has a blog post relating an anecdote about malicious links on a Facebook wall. The author said “As for Bitly – I would use extreme caution with any links identified as source bitlyDOTcom.” I laughed because the SANS handlers are typically against links. They want you to browse with Firefox and NoScript. Always use a …
SANS posted a one-liner today reporting that Flash 10.3.181.34 was available for download from Adobe. This wasn’t entirely unexpected because Google released a new version of Chrome on June 30th which contained a new version of Flash. Adobe seems to be releasing new Flash versions to the rest of us a couple days after Chrome. Adobe …
I passed the first part of the GSE today. The GIAC Security Expert (GSE) consists of a multiple choice exam, this is what I passed today, and a two-day lab. The certification bulletin for the exam portion of the GSE is a bit light. I’m not sure that page is actually linked anywhere. It is missing the number …
I passed the GSEC (GIAC Security Essentials Certification) this morning. It is a multiple choice format test with 180 questions. I had been considering taking Security Essentials at SANS CDI in Washington DC. On the one hand, at this point in my career shouldn’t I be able to pass this certification without the conference. On the …
Today I passed the GIAC Certified Intrusion Analyst (GCIA). The blog title refers to a Dilbert strip that I keep on the wall with my certifications. As I recall Certification Man says to Dilbert “Step back from that server, I’m certified!” In the next panel he says, “funny, that’s all I recall from the certification …
The SANS ISC Handler Diary is asking for your experiences with SPF. Its funny timing because i just configured SPF for my domains last night. I’d been using SPF records previously, but when I left PowWeb for Dreamhost (which changed my authoritative DNS server) I didn’t set up SPF again. I’m using Google as the …
I was at a SANS conference in Reston this past week and did a double take on seeing the following. I dont normally go to Reston Town Center, but given the number of infosec people working in the area I imagine the jokes are all pretty much done. What is an information security restroom? If …