
Posts Tagged ‘security’

Jun
20/08
Podcast Party with Shimmy & Mitchell
Last Updated on Saturday, 28 January 2012 06:55
Written by JJ
Friday, June 20th, 2008

I guess Alan was bored, or couldn’t find a guest for last night’s podcast, so he grabbed me ;)

Of course, I was still trying to get work done at 10:30pm, but it was a nice 45-minute distraction from my dozens (or hundreds) of 802.1X technical pages. (more…)

Posted under NAC & 802.1X  |  Comments Off
Jun
20/08
Security Circumvented: My Anti-Virus
Last Updated on Monday, 21 July 2008 11:40
Written by JJ
Friday, June 20th, 2008

I recently needed to renew the anti-virus subscription on my tablet PC. Of course, Symantec popped up and let me know well in advance, and of course, I waited until the almost-last-day before I renewed.

When my renewal options appeared, there was a selection to upgrade to the shiny new Norton 360. Woo hoo! It listed all these great new security features… I don’t remember what they were… but, they sounded REALLY great (I promise).

So I went with the upgrade, instead of the anti-virus signature renewal. Okay.

It did seem like a good idea at the time. However, in addition to my overly-protective Vista popups eeeevvvvery time I want to run something, connect somewhere, or wipe my nose… Now, I have the Vista pop up AND the Norton 360 popup. Okay.

Except, the Norton pops up with flagrantly ambiguous information like “An application is trying to access your Internet.” Do I want to allow it? I don’t know. How am I supposed to know- which application wants to access my Internet? Oh, it’s not going to tell me. Okay.

Well, I guess I’ll click ‘Allow’ because I have no clue what is trying to access my Internet, but I’ll assume it’s something that I have somehow asked to access my Internet… and I’ll be quite upset if whatever I clicked on doesn’t work. So YES, ALLOW. Okay again.

And what was the point in that? One click has transformed to three, and I’m no more secure than I was before, I’m just being forced to make more clicks to earn my insecurity. So today I am the poster child of what NOT to do.

Security circumvented is quite possibly worse than no security at all. I see visions of ‘invalid browser certificate’ notices dancing in my head.

# # #

Posted under Random-izations  |  3 Comments
Jun
15/08
Network Based Entitlement… A Rose by Any Other Name
Last Updated on Saturday, 28 January 2012 07:00
Written by JJ
Sunday, June 15th, 2008

Shimel’s interesting-as-usual reply to one of Stiennon’s “I-hate-NAC” articles is certainly nothing new, but this most recent exchange piqued my interest enough to get me clicking and reading around a bit.

Stiennon talks about Rohati and their ‘new’ approach to NAC in the form of their NBEC, Network-based Entitlement Control. I, unlike some bloggers in our network, decided to check it out before formulating an opinion. (more…)

Jun
15/08
Contributing to the Official CISSP Courseware
Last Updated on Monday, 21 July 2008 11:42
Written by JJ
Sunday, June 15th, 2008

I promised a while ago to let you all in on some of the various projects I’ve been working on over the past few months. One I haven’t shared with you yet is my participation in contributing as a SME to the official (ISC)2 courseware for CISSP certification.

It’s a huge undertaking with 10 domains chock full of every security topic you can imagine, 20 contributing SMEs from all over the world, a handful of editors and 1 man to bring it all together. Our team leader, Dean Bushmiller, has been the Project Manager for both versions 8 and 9 of the CISSP courseware and does an amazing job.

Each of the SMEs and editors have put a lot of thought and time into the materials, in an effort to create the best and most relevant content, topic arrangement and flow possible. You’ve seen how big these books are- that’s a lotta’ stuff to pull together and I admire the group, especially the domain wranglers and Dean, for keeping it all on track.

It’s a strange and exciting project. I can’t say it’s completely foreign to me; many years ago I created content for advanced Microsoft Office courses and developed official Computer Competency Training for K-12s for use in schools here. However, a project with this much mass is definitely unique.

So, that’s another little project I’ve been working on for the past several months… and will be continuing for several more. On those occasions I drop off the face of Blog World, it’s sometimes because I’m using every free moment to try and keep up with these types of projects and deadlines.

# # #

Posted under Industry Insider  |  Comments Off
Jun
09/08
PCI, PII, a Roofer and a SSN
Last Updated on Monday, 21 July 2008 11:43
Written by JJ
Monday, June 9th, 2008

Yet another J! True Security Story for you…

This weekend I met with a roofer at my rental property to take measurements, see what needed to be done and get an estimate. When we met at noon, it was over 100 degrees there in central North Carolina and we spent just short of 3 hours going over everything.

The roofer, let’s call him Ross, was from one of the larger commercial home improvement stores. This particular store was offering a consumer credit program with 12 months interest-free financing. There was also a full window replacement project to follow right behind the roof. While I was prepared to pay cash for the roof and/or windows, the no-interest option offered an advantage, so I read the terms and conditions and gave the go-ahead.

Before I realized what was going on, my friendly roofer Ross was filling out a consumer credit card application for me. I remembered thinking this was odd, as we leaned against his truck, still outside in the heat. I think I mumbled something to the effect of “oh, it’s strange they make you guys do this part too..”. He had asked for all the usuals- my current and previous addresses, annual income and – of course- my Social Security Number. And, after standing in 100+ degree heat for 3 hours, I gave it all to him without batting an eye. As soon as he had it all, he called in to the mothership and was processing my credit app over the phone as I stood by to answer any new questions.

This day happened to be Ross’s wife’s birthday and they had some afternoon plans once our appointment was over. I was his last appointment of the day before he headed home to the missus for her birthday celebrations. I thanked him for his time, wished him a happy weekend and went on about my day.

What was wrong with this picture? I didn’t quite figure it out until a tall glass of tea cooled me down and returned my brain to normal operating temperature. What in the name of security did I just do? All my information (including my new credit card number) was written down on that credit form and tucked into his little notepad with the other miscellaneous papers, product glossies and forms he was carrying around… in his personal truck… on a weekend… D’OH.

I’m sure it will be fine (that’s what we all tell ourselves, right?). But in the off chance something happens… well, let’s not even go there.

# # #

Posted under J! True Stories  |  2 Comments
