I passed the CISSP! WOO!

I can't believe it! I just got the results for the Certified Information Systems Security Professional (CISSP) exam that I took on Oct 27th and I freakin' passed!

I passed! I passed! That test is such a meat grinder that I had no idea how well I did until just now!

Woooooo!

Woooooooo!

Yeah! Baby! YEAH!

OK, I'm a little more calm now. Now back to your regularly scheduled web browsing activities.

Microsoft releases WMF exploit patch early

Well if you were wondering if Microsoft pays attention to the grumblings of its userbase, you can stop wondering.

Today they released the official patch (MS06-001) for the WMF vulnerability that has been so widely publicized of late. That is five days ahead of the expected, and previously announced, 10 Jan 2006 release date.

Go here to download the Microsoft patch for the WMF exploit for Windows.

I get to learn to be a hacker: Moving to Portland, Oregon

If you do one thing with your time in the near future, start a blog. And don't just start it and do nothing with it, start it and keep blogging.

I know from personal and observed experience that it really does pay off.

For example, my brother got his job largely based on his blogging work. He has met many interesting people because of his blogging.

I now know what my nephew is doing in school because he blogs about it, whereas you can't get him to say more than two or three words about how he's doing in school when you ask him in person.

Based on my blogging, I now get paid to blog by Computerworld and that extra money comes in handy. I've gotten back in touch with friends that I hadn't spoken to in a long time because of my blog.

But more recently, and more importantly, I got a job because of my blogging, or depending on how you look at it, because of cat litter.

Way back in May of 2005, Greg Hughes wrote this piece on Fresh Step Crystals cat litter.

We had a bit of a conversation because of that, and also because of his post the next day, which had a picture of the back of his RIM Blackberry 7290. That started a conversation about reception and cell phones and ways to overcome poor reception in buildings and residences.

Those conversations blossomed into still more conversations on our blogs and through MSN Instant Messenger which eventually led to me interviewing for a Security Operations Engineer position at Corillian, the company where he works. Well, I landed the job and start on December 5th. Already have a rental house lined up and everything.

I can't think of many reasons for blogging more rewarding than friendship, but a more advanced position at higher pay in a lower cost area sure comes close.

So the next time you think you are too busy to give up an hour or two a week to blog, think of all the opportunities, both financial and social, that you are missing because you didn't find the time.

People play the lottery, with next to no chance of winning, for those moments of hope at having a better life.

You can start a blog with the same investment in time and money and be guaranteed to get back returns many times that of what you put in.

See also this post on why you should blog.

From Computerworld blog: Possible bug in Windows patch 902400

The following is excerpted completely from my Computerworld blog. Normally, I'd just give the highlights, but felt this was sufficiently important to give the full scoop on either blog.

A week ago, Microsoft released a fix under KB article 902400 for security bulletin MS05-051. The patch addresses known vulnerabilities in the COM+ and Microsoft Distributed Transaction Coordinator (MSDTC) subsystems in Windows.

Unfortunately, as many have found out, in certain circumstances the patch can break various network applications and prevent some tools from working properly.

A fix for some problems that may arise out of installation of the patch is detailed in MS KB article 909444.

There is also some information on turning Transaction Internet Protocol (TIP) back on for Windows 2000 machines after the patch in KB article 908620. TIP is disabled by default on XP and Server 2003 machines, so that article is probably not relevant for most XP or 2003 machines unless the administrator turned TIP on.

I think I have also stumbled onto an as yet undocumented problem related to this patch. I can no longer use Remote Desktop Protocol (RDP) to connect to the console session of the two servers that received the patch. So I'm using UltraVNC for these servers for the time being until I can fix the problem.

As good as UltraVNC is versus other flavors of VNC, it's still not as good performance wise as RDP.

Anyhow, so far I haven't found a solution to the problem. And Server 2003 isn't logging any information in Event Viewer on why RDP can't connect to the console either.

The only errors that I have seen are on pop-ups that appear after the attempt to connect fails. I get either "Error [7051]: The requested session is not configured to allow Remote Control." if I try connecting from Terminal Services Manager, or, if I attempt to connect using RDP, "Error connecting to existing session for <username> (Id 0). The operation completed successfully." pops up.

All the fixes I've found on Microsoft's site or on Google (there's that search problem rearing its ugly head again) to date haven't resolved the issue.

Oh, and the fact that this latest round of updates requires a restart is further validation that Windows has room to improve in this area with the next version.

If anyone has any ideas, let me know.

Good info on Cisco VPN client

Another example of the power of blogs. Based on conversations Greg Hughes and I have had on issues from each other's blogs, we have been talking on IM as well.

Yesterday, we started talking about VPN solutions. Problems we have had with Netscreen Remote, what Greg's company uses and why, etc.

The big thing that I learned was that Cisco's VPN client can encapsulate IPsec in TCP on a port of your choosing. Native IPsec needs IKE on UDP port 500, ESP (IP protocol 50, which is neither TCP nor UDP), and, behind a NAT, NAT-T on UDP port 4500; a lot of hotel, conference and guest networks now block some or all of those. What those same places almost never block are port 80 (HTTP, how systems connect to web sites and web apps) and port 443 (HTTPS, used to communicate with secure web sites and apps). Cisco's "IPsec over TCP" option wraps the whole exchange in a single TCP connection (default port 10000), and the connection profile lets you point it at 80 or 443 instead, so a client that can do this has a great advantage over those that can't. Two caveats: the gateway has to be configured to listen for IPsec over TCP on the same port, and a proxy that actually inspects port 443 for real TLS can still reject the tunnel, since what goes over the wire is not HTTPS. Against plain port blocking, though, it works.
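As an added example, not from the original post or from Greg's write-up: a Cisco VPN Client connection profile (.pcf) that selects IPsec over TCP on port 443. The host name, group name and description are hypothetical. A freshly created profile carries TunnelingMode=0 (IPsec over UDP) and TcpTunnelingPort=10000; changing those two lines to the values shown is what moves the tunnel onto 443.

```ini
[main]
Description=Corporate VPN over TCP 443 (hypothetical profile)
Host=vpn.example.com
AuthType=1
GroupName=remote-users
EnableNat=1
TunnelingMode=1
TcpTunnelingPort=443
```

The gateway must be told to accept IPsec over TCP on the same port; on a Cisco ASA that is `crypto isakmp ipsec-over-tcp port 443`, and the port then cannot also serve an HTTPS-based service on the same interface. The profile is stored in clear text on the client, so treat a profile with a saved group password as sensitive.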

You can read more on Greg's blog here or on my Computerworld blog here.

Intrusion Detection Systems (IDS) and Enterprise Incident Response Systems

My boss handed me this article on "Safeguarding Corporate Information". It talks about how new laws require companies that store data about individuals to have adequate security procedures and practices in place to not only protect the data but to also allow for prompt alerting when attacks and intrusions take place.

She asked me to look at it and see if our network meets the standards set forth in the article. After reading it, I'd have to say that it does not.

While we take reasonable measures to protect private data, we do not have systems in place that alert us if an intrusion takes place.

That means I should now start looking at Intrusion Detection Systems and other means to detect and prevent intrusions and to collect the data necessary to meet the requirements of these laws.
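As an added example of the "prompt alerting" the article asks for, and not anything from the post or from a particular product: two sliding-window detection rules (repeated failed logins from one source, and one source probing many ports) run over constructed syslog-style lines. The host names, addresses, timestamps and line formats are made up for the demo; a real IDS would consume the firewall's and the servers' own logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, not real traffic: six failed root logins from one
# host within a few seconds, three scattered failures from another host,
# and one host touching twelve different ports on a server in twelve seconds.
SAMPLE_LOG = (
    [f"2005-10-20T09:00:{i:02d} srv1 sshd[2211]: Failed password for root "
     f"from 10.0.0.5 port {4000 + i} ssh2" for i in range(6)]
    + [f"2005-10-20T09:00:{10 + 20 * i:02d} srv1 sshd[2212]: Failed password for "
       f"invalid user bob from 10.0.0.7 port 5001 ssh2" for i in range(3)]
    + [f"2005-10-20T09:01:{i:02d} fw kernel: DROP SRC=10.0.0.9 DST=192.168.1.10 "
       f"PROTO=TCP DPT={20 + i}" for i in range(12)]
)

# Line formats assumed for the demo (OpenSSH-style auth failure, iptables-style drop).
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")
FW_DROP = re.compile(
    r"^(?P<ts>\S+) \S+ kernel: DROP SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=\S+ DPT=(?P<dpt>\d+)")


def _prune(events, now, window):
    """Drop events older than the window from the left of a deque of (time, ...)."""
    while events and events[0][0] < now - window:
        events.popleft()


def detect(lines, login_threshold=5, scan_threshold=10, window_seconds=60):
    """Run both rules over chronologically ordered lines.

    Returns (rule, source_ip, iso_time) tuples, one alert per source per rule.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # src -> deque of (timestamp, user)
    probes = defaultdict(deque)     # src -> deque of (timestamp, dst_port)
    alerts, fired = [], set()
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"])
            q = failures[m["src"]]
            q.append((ts, m["user"]))
            _prune(q, ts, window)
            key = ("brute_force", m["src"])
            if len(q) >= login_threshold and key not in fired:
                fired.add(key)
                alerts.append(key + (ts.isoformat(),))
            continue
        m = FW_DROP.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"])
            q = probes[m["src"]]
            q.append((ts, int(m["dpt"])))
            _prune(q, ts, window)
            key = ("port_scan", m["src"])
            distinct_ports = {port for _, port in q}
            if len(distinct_ports) >= scan_threshold and key not in fired:
                fired.add(key)
                alerts.append(key + (ts.isoformat(),))
    return alerts


if __name__ == "__main__":
    for rule, src, when in detect(SAMPLE_LOG):
        print(f"ALERT {rule} from {src} at {when}")
```

The thresholds are the tuning knobs: too low and a user who mistypes a password trips the brute-force rule, too high and a slow scan never does. Whatever you pick, the alert should carry the source address and the time so the incident can be traced back in the raw logs later, which is the other half of what the article asks for.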

Anyone know of any good IDS systems that are relatively easy to set up, that work well and don't cost an arm and a leg? I'd say anything above $5000 is right out, with $2500-$3000 being a good goal for a business this size.

Also, I was talking to some colleagues today about their plans for the security of their network, and they were told that Microsoft's ISA is a rock-solid security solution. I don't particularly like application firewalls like that, or Check Point, because they are expensive and run on top of a multipurpose OS (Windows). These tend to crash more often than the OS on a Netscreen, for instance, are more complicated to set up and keep patched, and are just plain harder to manage, because if you have a problem you have three vendors you need to call: the firewall vendor, the OS vendor and the hardware vendor. With a firewall like a Cisco PIX, Netscreen or SonicWall, you have a single point of contact.

Anyhow, if anyone knows of any good IDS solutions that meet the requirements that I outlined above, please let me know.

Avoiding Phishing Attacks

The following is an excerpt of a recent email that I sent to users at my firm regarding phishing. I'm posting it here mainly because of the pertinent links at the bottom and also in case I need to use it again:

I'm sure most of you have gotten at least one email like the following:

    Below is the result of your feedback form. It was submitted by
    (KMKQ9M@aol.com) on Wednesday, March 9, 2005 at 07:12:59
    ---------------------------------------------------------------------------

    Dear eBay Member,
    We at eBay are sorry to inform you that we are having problems with the
    billing information of your account. We would appreciate it if you would
    visit our website *Link removed* and fill out the proper information that
    we are needing to keep you as an eBay member.
    If you think you have received this email as an error, please visit our
    website *Link removed* and fill out the neccesary information. That way we
    can make sure that everything is up to date! Again here is the link to
    our website. *Link removed*

    Joe Watson
    eBay Billing Center
    Rep ID. 32A
    X9F8QA

This type of email is sent out by individuals attempting to get you to divulge your personal information. This type of scam is called "Phishing".

Phishing is the newest wave in identity theft. It uses spam, email or pop-up messages to fool you into providing financial and personal information (credit card numbers, bank account information, Social Security numbers, passwords and other sensitive data) to people waiting to take advantage of you.

These e-mails appear to come from a legitimate company, usually a financial institution or credit card issuer, urging you to immediately reply with personal information so your account is not deactivated.

To increase the chances of people falling for this type of scam, they'll even use the company's logo, colors, and standard disclosure text. The e-mail usually will contain a link that takes you to a fake site made to look like the company's legitimate Web site.

Here are some clues that an email is part of a phishing scam:

    * Look for misspellings and poor grammar.
    * Check where the link really goes. The fake site is usually not served over ''https://'' (no padlock in the browser), and even when it is, the address in the bar belongs to the scammer, not to the company. Hover over the link to see its real target, or better, type the company's address yourself instead of clicking.
    * There is generally an urgent tone or call to action. Phishing e-mails allude to dire consequences, such as ''your account will be deactivated if you do not respond within 24 hours...''
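The clues above, as an added example that is not part of the original email or of the linked sites: a small Python scorer that looks for the same indicators in a plain-text message, plus a link whose domain does not belong to the brand the mail name-drops. Both messages are constructed for the demo; the lure is modelled on the eBay sample above with a made-up link host on the reserved example.net domain, and the brand-to-domain table is a hypothetical stand-in for a real list.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the list above: urgency or dire consequences,
# misspellings, and a link that is not the company's own HTTPS site.
URGENCY_PATTERNS = [
    r"\bwithin \d+ hours?\b",
    r"\bimmediately\b",
    r"\bwill be\s+(deactivated|suspended|closed)\b",
    r"\bverify your (account|identity)\b",
]
# Tiny constructed word list; a real filter would use a dictionary.
MISSPELLINGS = {"neccesary", "recieve", "acount", "informations"}
# Brand name -> domain the brand really uses (hypothetical table for the demo).
BRAND_DOMAINS = {"ebay": "ebay.com", "paypal": "paypal.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed lure, modelled on the sample above; the link host is made up.
PHISH = """\
From: eBay Billing Center <billing@ebay.com>
Subject: Problems with the billing information of your account

Dear eBay Member,
We at eBay are sorry to inform you that we are having problems with the
billing information of your account. Please visit our website
http://ebay-billing-update.example.net/cgi-bin/update.cgi and fill out
the neccesary information within 24 hours, otherwise your account will be
deactivated.
"""

# Constructed benign notice for comparison.
LEGIT = """\
From: Example Bank <alerts@examplebank.example.com>
Subject: Your monthly statement is ready

Your statement for March is available. Sign in at
https://www.examplebank.example.com/statements when convenient.
"""


def registrable_domain(host):
    """Last two labels of a hostname (crude: ignores ccSLDs such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def phishing_indicators(message):
    """Return human-readable indicators found in a plain-text e-mail."""
    text = message.lower()
    found = []
    for url in URL_RE.findall(message):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.scheme != "https":
            found.append(f"link is plain http: {url}")
        if "@" in parsed.netloc:
            found.append(f"user@host trick in link: {url}")
        for brand, domain in BRAND_DOMAINS.items():
            if brand in text and registrable_domain(host) != domain:
                found.append(f"mentions {brand} but links to {host}")
    for pattern in URGENCY_PATTERNS:
        match = re.search(pattern, text)
        if match:
            found.append(f"urgent tone: {match.group(0)!r}")
    words = set(re.findall(r"[a-z]+", text))
    for word in sorted(words & MISSPELLINGS):
        found.append(f"misspelling: {word}")
    return found


def is_suspicious(message, threshold=2):
    """Treat two or more independent indicators as a likely phishing attempt."""
    return len(phishing_indicators(message)) >= threshold


if __name__ == "__main__":
    for name, msg in (("lure", PHISH), ("legit", LEGIT)):
        print(name, is_suspicious(msg), phishing_indicators(msg))
```

The link check is the one that matters most: urgency and spelling are easy for a scammer to fix, but the link still has to land on a host the scammer controls, so comparing its domain against the brand the message claims to be from catches lures that read perfectly.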

The following websites have more good information on what phishing is and how to avoid these scams:

http://www.antiphishing.org/consumer_recs.html

https://www.plantersbank.net/onlineFraud.asp

Your own bank's website will most likely also have information on how to avoid these sorts of scams, as well as its policies and procedures for how it contacts you in the event of a problem.

New Mydoom Strain Update

Well, it looks like Symantec added protection for the strain that I reported here on Friday. Protection appears to have been added in the 18 Feb 2005 DAT file. The actual name of the strain found was W32.Mydoom.AZ@mm (Symantec's naming) or W32/Mydoom.bd@mm!zip (McAfee's naming). Protection must have been added after I went home. I notice that Postini (which uses McAfee's AV) started catching emails with the virus around 5:21 PM PST.

So this is just another reminder of how even the best antivirus protection is not absolute. This virus made it through two zones of protection from two different AV vendors on Friday. And to boot, because the message looked like an email failure notice, it got me to open it and activate the payload. Not the smartest thing I've ever done, but luckily the damage that this particular virus does is minimal.

Next time I don't expect to be so lucky and will have to be a bit more vigilant.

Virus Issues Update

Looks like at least one of the scanners out there can detect the virus. I tried to send it to myself from my sonic.net account to my work account, and it was blocked by either the sonic.net server or the Postini server.

Which means that the original message that was sent to me originated inside the firm. I most likely know which system it came from, as I found it on one system earlier today, but not before it had sent out a bunch of emails.

The question still remains though, how did the original message that caused the infection make it into our email system?

Perhaps we should move to running Trend Micro or F-Secure on either our mail systems or our desktops for another layer of virus protection. This is another example of how you can't depend on one vendor to give you complete security.
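This post and the Mydoom update above make the same point: signature-based AV from two vendors let the worm through, and what got it opened was a zip attachment dressed up as a bounce. One control that does not depend on anyone's definitions is to inspect attachments at the gateway for executable content. As an added example, not from the original posts or from Postini, Symantec or McAfee: a Python check that opens zip attachments of a MIME message and flags executable members, executable or whitespace-padded file names, and archives that will not open. The messages are constructed in-memory test data, not real samples, and the placeholder bytes inside the zip are not a program.

```python
import io
import os
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click; the 2005 Mydoom variants travelled
# as .scr/.pif/.exe files inside small zip attachments.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                  ".vbs", ".js", ".hta", ".cpl"}
# "invoice.txt          .scr": spaces push the real extension out of view.
PADDED_NAME = re.compile(r"\s{3,}\.\w+$")


def build_sample(member_name, zip_name, body):
    """Construct a bounce-style e-mail with a zip attachment (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "postmaster@mail.example.com"
    msg["To"] = "user@corp.example.com"
    msg["Subject"] = "Mail delivery failed: returning message to sender"
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()


def _is_executable_name(name):
    lower = name.lower()
    return (os.path.splitext(lower)[1] in EXECUTABLE_EXT
            or bool(PADDED_NAME.search(lower)))


def risky_attachments(raw_message):
    """Return (attachment, member, reason) tuples a gateway should quarantine."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _is_executable_name(name):
            findings.append((name, None, "executable attachment"))
        # Look inside by content, not just by extension: a renamed zip is still a zip.
        if data.startswith(b"PK\x03\x04") or name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if _is_executable_name(member):
                            findings.append((name, member, "executable inside archive"))
            except zipfile.BadZipFile:
                # An archive the gateway cannot open is one the user will still double-click.
                findings.append((name, None, "unreadable archive"))
    return findings


if __name__ == "__main__":
    sample = build_sample("message.scr", "message.zip",
                          "The original message was not delivered; see attachment.")
    print(risky_attachments(sample))
```

This is deliberately a policy check rather than a scanner: it cannot tell a new worm from a harmless screensaver, but it quarantines the whole class of "executable in a zip from a stranger" on day zero, before any vendor has a signature. Password-protected archives, which later worms used precisely to defeat this kind of inspection, show up as members you can list but not open, so a stricter policy would quarantine any archive the gateway cannot fully read.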

Virus Issues Update

Trend Micro's online virus scanner also failed to detect the infected file as such.

One annoying thing about Symantec's site is that there is no readily available way for the public to send them virus samples.

If you click the link, you have to be either a retail customer or a corporate customer with a contract. Now, while we have a contract, I don't have the time at the moment to call them up to find out what the submission website is.

Why not just have a public way of uploading payloads?


Blog powered by TypePad
Member since 01/2004