security

Executing an Effective Security Program August 12, 2018 - In today’s global Internet connected and reliant IT environment, the issue of corporate networks becoming compromised is a fact. Defense in depth is still an important design pattern, but organizations with even relatively mature capabilities are relying on detection since … Continue reading
BlockSync Project December 3, 2015 - Welcome to the BlockSync Project This project aims to provide an efficient way to provide mutual protection from deemed bad actors that attack Internet facing servers. The result will be an open source set of communication tools that use established … Continue reading
Trade offs of the terrible syslog protocol August 15, 2013 - syslog is a very old message transmission protocol that transmits system messages across a network. The first versions of this protocol were drafted into RFC 5426. Some assumed updating the transmission to use TCP would make things better, and the … Continue reading
IT Security Topics July 27, 2013 -
Malware Investigation Tools and Notes May 30, 2013 - Investigating possible malware involves both detection and identification phases. Here are some notes regarding the tools I commonly use for these two phases .. note this is intended to be a living document so may change as I learn of … Continue reading
Securing Apache web servers November 21, 2011 - Great article by Pete Freitag on Securing Apache Web Servers (20 ways to Secure your Apache Configuration) Here are 20 things you can do to make your apache configuration more secure. Disclaimer: The thing about security is that there are … Continue reading
90 Day Plan for New IT Security Managers March 29, 2011 - You’ve just taken over as an information security director, manager, or architect at an organization. Either this is a new organization that has never had this role before or your predecessor has moved on for some reason. Now what? The … Continue reading
Resetting user passwords in Mac OS X Leopard without Administrator December 8, 2010 - For those odd times where you need to reset the password for a user on a Mac (OS X 10.5 Leopard) and you don’t have access to the / an administrator account, this is a procedure that will work if … Continue reading
Phishing attacks getting better .. iTunes Receipts October 1, 2010 - So I get a call this morning from a family member who is freaking out over a six hundred dollar iTunes invoice. Fortunately I knew this person didn't have an iTunes account (they use mine), so I knew right away … Continue reading
Security tools August 28, 2010 - This is a (non-comprehensive) list of the various security tools I have used. I started this list to keep track of tools that I've tried out and the level of satisfaction with them. Obviously there are hundreds of tools that … Continue reading
w3af web security assessment tool gets support from Rapid7 August 5, 2010 - Rapid7, which purchased the Metasploit attack framework last year, has agreed to sponsor the open source w3af web assessment and exploit project. This is fantastic news for web application development teams, since it shows the open source (and hence more … Continue reading
How to secure your home PC November 6, 2009 - Whether you have a Mac or a Windows PC, there are some basic steps you can take to reduce the risk and personal impact of a malware infection. This advice is especially impactful when you have just purchased a new … Continue reading
Building a web security lab (with VMware Fusion) October 14, 2009 - Problem: VMware machines load boot loader immediately, no BIOS banner, so can’t get into BIOS to alter boot settings. Solution: Edit the vm’s .vmx file and add the line: bios.bootDelay = "5000" which adds a 5000 millisecond (5 second) delay … Continue reading
Electronic Health Records in Alberta September 17, 2009 - Thinking of the challenges associated with creating electronic healthcare records for all healthcare users in Alberta. Typical government projects don’t have the best track record for maintaining proper security architecture, much less implementation. Starting to dig into this for my … Continue reading
Info Sec and IT Sec books and articles of interest May 18, 2009 - Start of my InfoSec article journal and book list Not really blog worthy, but I decided to start a journal of interesting information security articles or books that I’ve found to be particularly valuable. Not all of them are publicly … Continue reading
High availability firewalls with OpenBSD, pf and CARP May 15, 2009 - One can now inexpensively build a fault tolerant firewall cluster that removes any single point of failure in the security policy enforcement points at your security zone boundaries. Synchronous firewall state table updates and an open source version of virtual … Continue reading
Linux iptables notes May 15, 2009 - Add local redirection of low port to unpriv high port Remove any existing entries: iptables -t nat -D PREROUTING --src 0/0 -p tcp --dport 25 -j REDIRECT --to-ports 11025 2> /dev/null iptables -t nat -D PREROUTING --src 0/0 -p tcp … Continue reading
Reducing malware risk by removing local Administrator privileges May 14, 2009 - Running day-to-day with a Windows account that has Administrator privileges is a recipe for disaster.  Casual browsing of a website that is infected or inadvertent opening of infected attachments can result in an infection through the user’s Administrator privileges.  Something … Continue reading