tag:blogger.com,1999:blog-17965252149136991482011-04-21T12:53:39.027-05:00Leonard's Soapbox for security, privacy and more.Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.comBlogger471100tag:blogger.com,1999:blog-1796525214913699148.post-41420790684777233982007-06-05T07:20:00.000-05:002007-06-05T07:58:36.709-05:00

The software developers constantly talk about responsible disclosure.Responsible disclosure is basically defined as informing the software developer of a vulnerability so that the vulnerability can be researched and fixed. This is compared to full disclosure where the vulnerability is announced to everyone without giving the software developer a chance to fix the vulnerability. Contrast this

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com4tag:blogger.com,1999:blog-1796525214913699148.post-69467503807760423272007-05-31T06:31:00.000-05:002007-05-31T06:55:12.380-05:00

It has been reported the the popular Google Analytics has been compromised. The details are in the ISC Diary Entry titled Google Counter ... isn't.What this means to the average user is that any web site that uses Google Analytics, and there are more than a few that use this free service, will attempt to infect your computer.Wat is the average user to do? Disable javascript and break most web

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-57864191801052746262007-05-30T16:03:00.001-05:002007-05-30T16:24:19.613-05:00

I have talked about patching a few times.I have also discussed how I have found Microsoft Windows systems that where configured for automatic downloading of security patches, but where not patched in Cup of Hot Cocoa: Patch Warfare II.Now it appears that Microsoft has taken notice and has released patches to fix the problems with the automatic updates, and manually using Microsoft and Windows

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-49337157599389304672007-05-25T00:00:00.000-05:002007-05-25T00:38:49.023-05:00

It used to be that that you could avoid certain types of sites and avoid most malware. Add a good antivirus software are you where pretty safe. Not any more just about any site can be used for drive-by-downloads.Now even major sites can participate in spread infections just by displaying advertising. The dark side submits an ad that downloads malware by just viewing the ad on a site.This has

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com3tag:blogger.com,1999:blog-1796525214913699148.post-9675210205871155892007-05-20T05:40:00.000-05:002007-05-20T08:14:11.688-05:00

Who knows you better than your peers?It seems that there was a contest for university students to create videos to increase awareness of computer security among university students.The contest was conducted by the EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and ResearchChannel.Even though the intended audience is college and university

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-10283791203975838312007-05-09T21:59:00.000-05:002007-05-09T20:57:20.037-05:00

The PlotBack in November of 1998 the movie Enemy of the State was released starring Will Smith as the harassed citizen that was tracked with every asset the government had including satellites. While I do not claim to have access to any details of what the theses satellites can do I can make a few statements safely.No one casually moves satellites between orbits. Simply put they have a limited

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com2tag:blogger.com,1999:blog-1796525214913699148.post-55899000389064970972007-05-06T06:27:00.000-05:002007-05-06T07:16:05.728-05:00

I try to avoid posting what everyone else is posting, but this case is special. Due to the number of AOL users I'm going to post this brief message and link to the original post.Brian Krebs posted AOL's Password Puzzler on his Security Fix Blog yesterday May 5th. In short even though AOL allows passwords up to 16 characters it *only* uses the first 8 characters. I'll be the first to admit that

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-17308973865439899422007-05-02T04:12:00.000-05:002007-05-02T04:29:43.326-05:00

Picture this:Security Bozos are happy to welcome you to the 2012 Olympics. Please excuse us while we limit the size of your drinks, run you through bomb detection equipment, search your belongings and in general disrupt your ability t0 enjoy the games. Please note that there will be a number of winners that will receive full body cavity searches.Or this:The 2012 Olympics are brought to you by [

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com2tag:blogger.com,1999:blog-1796525214913699148.post-25588933231268778232007-04-17T22:13:00.001-05:002007-04-21T22:22:44.428-05:00

Now that I talked about the Internet culture in general in Out of the Mists of Antiquity... I will discuss the inevitable dark side,In the beginning there trust and sharing, but alas this was not paradise, just another place for humans to interact.One of the earliest, and well know, examples of the dark side is the flame war. This is the term given when two or more parties disagree on a topic

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com1tag:blogger.com,1999:blog-1796525214913699148.post-57042340561708157272007-04-17T22:13:00.000-05:002007-04-17T22:55:41.962-05:00

The only way to really understand something is to go back to the beginning, and the dark side of the Internet is no different. Without light there can be no dark so that is where I'll start.In the beginning there was ARPANET (Advanced Research Projects Agency Network) which begat the Internet.First understand that in sharp contrast to the standard mainframe centric standard of the day (1960s)

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-61645359465072522472007-04-11T23:09:00.000-05:002007-04-11T23:09:33.681-05:00

Shame on me after complaining about MS and their marketing hype, on the other had you can start sending SPAM to one of the lesser know TLA governmental agencies.Now getting serious the Securities and Exchange Comission (SEC) wants pump and dump SPAM forwarded to them.The Internet Storm Center (ISC) has a diary entry here that contains additional information and information about other non-US

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com2tag:blogger.com,1999:blog-1796525214913699148.post-90723597384355032572007-04-11T00:07:00.001-05:002007-04-11T00:08:05.694-05:00

Lets start this out by saying that Vista was designed to be more secure, and it appears to be headed in the right direction there. Just don't get me started on DRM.Once again Vista, the impenetrable, that is according to the marketing hype has been proven vulnerable. There was the ANI vulnerability that MS rushed a patch out for last week, and now during the regular update there is a second

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-30020678170291321722007-04-10T14:39:00.000-05:002007-04-10T15:17:45.170-05:00

OK, I've gotten it out of my system. I'm not a fan of Vista I have two main issues in regards to Vista:The fact that Digital Rights Management (DRM) has some control over my system, and can degrade or disable viewing "premium content" when someone else feels that there is a potential for me to steal premium content. I'd call that guilty unless proven innocent.Then there is the marketing, I

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-20582548961089096452007-04-02T21:53:00.001-05:002007-04-02T21:53:59.087-05:00

Everyone has had a cold and everyone will continue to get colds. Science, and your doctor, have tried to eradicate the common cold, but to no avail.Why are we still saddled with the common cold. Lets go to the root cause, which is, excuse me, are viruses, and by viruses I mean uncountable millions. Common cold viruses are so numerous that no one has attempted to even count them, common cold

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-18846792454726634072007-04-02T00:24:00.000-05:002007-04-02T01:16:29.811-05:00

No this is not an April fools joke.Once again the dark side has come out with a nasty, and this one is so bad that the Internet Storm Center (ISC) has raised the threat level to Yellow which ISC describes as:We are currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are advised

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-92216156441186363302007-03-28T00:25:00.000-05:002007-03-27T23:25:38.390-05:00

MySpace, YouTube, Web 2.0 there is so much happening and available out there. It is all exciting and there are so many possibilities opening up.The freedom of the Internet and web works both ways. The same technology lets you explore web sites on the other side of the world allows anyone in the world to attack your system and steal from you.In the real world people choose where to go and can

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-1412599646985042882007-03-27T00:00:00.000-05:002007-03-26T23:12:00.610-05:00

Everyone likes to keep their hot Cocoa hot. So travel mugs are insulated, and have a lid to help keep it hot. Yes it keeps it in the mug as well, but you can argue that keeping more in the mug helps keep the heat in ;-)Which brings me to the topic at hand defense-in-depth for the PC.If it was made by man, it can be hacked and cracked by man.- AnonymousAbsolutely nothing is foolproof! On the

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-80228250490477487022007-03-26T21:49:00.000-05:002007-03-26T22:08:49.173-05:00

Is a credit card better than a debit card, or vise-versa.In the US the credit card wins hands down, by federal law the credit card is responsible for fraudulent charges to your account. No such protection for debit cards exist, even if they are used as a "credit card."A short, and unfortunately true, story to illustrate the issues with a debit card.A man goes through a fast-food drive through

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com3tag:blogger.com,1999:blog-1796525214913699148.post-7835118576412316362007-03-26T00:00:00.000-05:002007-03-25T22:08:18.783-05:00

There was a comment posted asking why I was against the approach of shuffling buffers around in my post entitled Exploit Longevity (http://sec-soapbox.blogspot.com/2007/03/exploit-longevity.html).Before I can answer I need to make sure that we have a common understanding of buffers and buffer overflows.What is a Buffer?A buffer is a portion of memory where a program stores information that

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-15115375054558461222007-03-20T21:10:00.000-05:002007-03-20T21:36:20.666-05:00

Ever notice how some exploits just seem to stay around forever?There is actually a simple, but in my opinion ugly, explanation for this. As usual an example can be worth a thousand words, and I’m going to use rpc18.c as an example:////////////////////////////////////////////////////////// Windows RPC DCOM Remote Exploit with 18 Targets// by pHrail and smurfy + some offsets by teos//// Targets://

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com3tag:blogger.com,1999:blog-1796525214913699148.post-87489662900278203312007-03-17T23:00:00.000-05:002007-05-30T16:02:02.814-05:00

What to do?FirstEither update you machines religiously on every Black Tuesday (the second Tuesday of the month when Microsoft releases security patches). I don't trust Microsoft update. I have seen too many machines that have it running and are still unpatched days after new patches are released. I know many of these machines where left running over night to update. So my conclusion is the

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-66987055743727156512007-03-16T00:01:00.000-05:002007-03-26T23:12:56.818-05:00

Back in the day...In the PC world patches where a rare thing. You purchased a program and then when the next version came out you either upgraded or didn't end of story.As programs became more complex and we actually began to use more of the growing set of features. We found bugs and software companies began to supply patches. If I recall correctly (IIRC) most patches where actually a whole

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com3tag:blogger.com,1999:blog-1796525214913699148.post-36648560253619611692007-03-15T21:31:00.000-05:002007-03-15T21:53:53.488-05:00

Consider the following quote for a minute:Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted.— Gene Spafford (in e-mail to organizers of a workshop on insider misuse)I' say reactions for this statement cove the whole range. From "Them's fight'in words" to laughter to

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-85045254654627176302007-03-12T20:39:00.000-05:002007-03-26T23:12:56.819-05:00

Less is More!Less running or installed on your computer is more secure. With less running on your computer there are fewer attack vectors (http://searchsecurity.techtarget.com/sDefinition/0,290660,sid14_gci1005812,00.html).To make sure we are all on the same page consider that everything that us running on a computer is a potential weak point where the system can be compromised. Unnecessary or

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com3tag:blogger.com,1999:blog-1796525214913699148.post-86173866007165504682007-03-09T10:05:00.001-05:002007-03-09T10:34:37.645-05:00

...or do I hear a train coming?Microsoft has announced (http://www.microsoft.com/technet/security/bulletin/advance.mspx) that there will be no Black Tuesday (no security patches) this month. Have we finally turned the tide? I think not.SANS Internet Storm Center keeps a list of knows security vulnerabilities that are not patched "The missing Microsoft patches." (http://isc.sans.org/diary.html?

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com4tag:blogger.com,1999:blog-1796525214913699148.post-37274689148850610852007-03-08T07:34:00.000-05:002007-03-26T23:12:56.821-05:00

Based on my recent blog entry on insecure endpoints "https is all I need, right?" (http://sec-soapbox.blogspot.com/2007/03/https-is-all-i-need-right.html)Joe of 2 Guys Named Joe (http://www.2gnj.com) wants to know how to determine if he is secure and if his information is already out there.First my warning the Cocoa is very hot be careful that you do not burn your tongue. In other words there

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-84649553658086252362007-03-07T23:07:00.000-05:002007-03-08T07:26:01.690-05:00

MS PatchingOfficially called Patch Tuesday is the second Tuesday of the month, and is the date that Microsoft released their patches for the month.Many users, and small companies, have set their computer to automatically update. These computers will daily check for updates, and apply them as they are releases. Or not...It appears that the shear volume of computers attempting to check for

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-32985863030354014442007-03-06T09:05:00.000-05:002007-03-06T09:05:19.747-05:00

Old, but still relevant.Wisdom consists in being able to distinguish among dangers and make a choice of the least harmful.— Niccolo Machiavelli, The PrinceValue vs. CostThis is still one of the hardest aspects of security today. What are your different assets worth and how much will you spend on protecting them? The difficulty raises when intangible assets are involved. How much is a customer

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-49991963445431425312007-03-05T01:00:00.000-05:002007-03-05T04:10:13.906-05:00

Everyone talks about only sending you information over a secured connection when ordering or sending personal information over the internet, but is that all you should be concerned about?Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench.— Gene SpafforIn other

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com1tag:blogger.com,1999:blog-1796525214913699148.post-27837201935992623912007-03-04T21:00:00.000-05:002007-03-04T20:55:58.746-05:00

In the BeginningBack in the old days it was the curious looking to expand their understanding of systems. They could hack together a program in fact the best hack was the most concise and elegant code.Organic EvolutionSome of these hackers turned their focus deep into the bowels or the computers and their operating systems. Of course this required a higher privilege level so cracking into

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-75829156553410086082007-03-03T01:00:00.000-05:002007-03-03T09:28:29.702-05:00

One simply one. One crack one unguarded entry point of entry or one moment of opportunity. So true, and so deadly at the same time:We only need to be lucky once. You need to be lucky every time.— The IRA to Margaret Thatcher, after a failed assassination attempt.Probably the most famous example of one point of weakness is Achilles heel (http://en.wikipedia.org/wiki/Achilles%27_heel). In short

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-57003330877649641042007-03-02T01:00:00.000-05:002007-03-02T12:17:06.073-05:00

The basic premises is that you defend every attack vector. While the attacker probes for the one weak point where your defenses can be bypassed or breached.Securing a computer system has traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them.— M. GosserWhen possible in the physical world fortifications are used to limit the attack vectors

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-63640000357582292722007-03-01T05:30:00.000-05:002007-03-01T05:31:32.352-05:00

As I mentioned previously I started blogging after being a guest on the "2 Guys Named Joe" podcast (http://twoguysnamedjoe.libsyn.com/).Recently I was invited back to discuss VoIP AKA Voice over IP (http://www.answers.com/main/ntquery?s=voip&gwp=13) for their current podcast 2gnj Episode 30: Ed Wants VOIP (http://twoguysnamedjoe.libsyn.com/index.php?post_id=185540).I really enjoy doing the

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com1tag:blogger.com,1999:blog-1796525214913699148.post-72289652604199215542007-02-25T08:08:00.000-05:002007-02-25T15:49:23.498-05:00

The user's going to pick dancing pigs over security every time.— Bruce SchneierThis in one sentence summarizes how the bad guys penetrate defenses time after time. how can that cute little game be harmful.This is also why Vista's UAC giving administrator rights to every setup program that is run.

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com2tag:blogger.com,1999:blog-1796525214913699148.post-33277653569457774172007-02-23T07:46:00.000-05:002007-02-23T23:07:14.734-05:00

Now this is getting to be truly secure:"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."- Gene Spafford, Ph.D., Purdue CERIASI like to expand on this by having the concrete cover computer sealed in a lead box that is dropped off at a random location in the ocean... then of

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-62090457687506339082007-02-22T07:44:00.000-05:002007-02-22T07:45:46.349-05:00

Everyone runs across quotes in their digital life, and some are worth sharing."There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order."-Ed Howdershelt (Author)

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-78478147901571141302007-02-21T10:27:00.000-05:002007-02-21T11:08:33.120-05:00

The Register has a good blow-by-blow article on Vista Security (http://www.theregister.co.uk/2007/02/20/vista_security_oversold/). As you would hope for it covers the good, the bad and the ugly. This is true despite an inflammatory remark, especial if taken out of context as it is here:In a nutshell, Windows is single-handedly responsible for turning the internet into the toxic shithole of

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-211300264281998322007-02-20T12:32:00.000-05:002007-03-08T07:33:18.910-05:00

The story begins like this:Has the Transportation Security Administration's website been hacked? All indications are yes, and that a malicious phishing attack has been launched against travelers...-http://blog.wired.com/27bstroke6/2007/02/homeland_securi.htmlThen it gets worse.Read the article and it this is any indication of the professionalismbe afraid be very afraidUpdate 3/8/2007: Congress

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-66618916232938484542007-02-20T12:19:00.000-05:002007-02-21T10:27:50.524-05:00

Every month Windows or Microsoft Update will download patches and fixed to your computer, but what about all the other non-Microsoft software?To check on upgrades for popular and multimedia software simply use the Secunia Software Inspector(http://secunia.com/software_inspector/).

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-61057938999254101092007-02-14T17:50:00.000-05:002007-02-22T01:45:08.710-05:00

I can just hear it "We can re-build it better, faster, more secure... the 6 million dollar OS"Is it really better or just a new meal for the predators of the InternetMicrosoft Vista is a rewrite of the desktop version of Microsoft's flagship Windows OS. It is touted as the most secure, stable, advanced OS yet. What is the reality behind the hype?Anecdotally:No major company is even interested in

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-10435153415914033002007-01-30T06:47:00.000-05:002007-01-30T06:56:29.726-05:00

An old joke in the security community is:Two people are walking on the Serengeti and they notice a lion is stalking them.The first person stops , pulls out running shoes and puts them on.The second person states "You can't out run a lion."The first person states "I don't I have to out run the lion. I have to out run you." The moral is that the easiest "kill" is the one most often taken by the

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-85001885508521460392007-01-25T05:12:00.000-05:002007-02-21T13:30:26.656-05:00

I now know why Acrobat 7 doesn't have Acrobat 8 as an upgrade. So far it seems to be a downgrade in ease of use and quite slow.Now I upgraded because lately there have been several issues with Acrobat 7 that were notpresent in Acrobat 8. Additional details on the vulnerabilities at the end for those that wish more information.Anyway I decided to update to Acrobat 8 only to losefunctionality and

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-23985488888722043232007-01-23T21:40:00.000-05:002007-03-08T08:30:34.550-05:00

With my recent post concerning password tools it seemed like a good idea to discuss passwords and what makes a reasonable password. I wont get overly technical or as in depth as Perfect Passwords (http://www.syngress.com/catalog/?pid=3420) which is full of good advice for the average user and administrator.The Good, Bad and UglyGood: Secure passwords are long and complex making it difficult

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-34473585304507766042007-01-23T21:26:00.000-05:002007-01-23T21:39:29.414-05:00

Apple has released a fix (http://docs.info.apple.com/article.html?artnum=304989) for the Quicktime vulnerability first announced July 2nd, 2007 (http://www.kb.cert.org/vuls/id/442497).Per the Apple site, URL above:"Impact: Visiting malicious websites may lead to arbitrary code execution"

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-84911258347497709642007-01-23T09:59:00.000-05:002007-03-08T08:54:42.863-05:00

Passwords are the bane of security. Users hate them. Technical support spends too much time with password problems. Other options cost too much up front imagine spending thousands of dollars to setup a solution that costs an additional $100 or more for each user.Different systems have different requirements for user IDs and passwords. Password expire at different times.Some site use

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-11077262534769460992007-01-22T22:52:00.000-05:002007-03-08T07:33:38.001-05:00

Sun Java has this nice "feature." Every time you update it the old version is left behind.Which is great if you have some Java program that needs that version. For the rest of us it leave old, hopefully unused, vulnerable code laying around.oh by the way it's not just a few megabytes. Per the MS "Add/Remove Programs" each version takes up between 60+ MB to over 100MB. Not that I've verified that

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com0tag:blogger.com,1999:blog-1796525214913699148.post-25099031534713302792007-01-22T07:43:00.000-05:002007-01-22T08:05:39.088-05:00

Every, or nearly every, programming course/tutorial starts with a "hello world" program. so in my initial post I pay my respects to this tradition.I have been in the IT field for over 20 years and have worked, contracted and consulted to and for many companies in many capacities. Currently as I have my CISSP I am concentrating on security.I plan using this blog to discuss security related

Leonardhttp://www.blogger.com/profile/13692766164366215532noreply@blogger.com1