 |
Breaking
eBusiness and Search News |
|
 |
Yet another script to mount an AWS S3 bucket in Linux
This was a script written by Alex Brooks who gave me permission to use the base script and change it along the way. Mounting a bucket in S3 on a linux box can be a tricky issue, especially when it does not want to set the permissions to the bucket right so that the average web server can use it. While the integrated person management system is awesome, sometimes you need to set up your bucket manually and latch onto it manually. Unfortunately while this is stupid easy in Windows, in Linux it can be a bit of a chore.
Thoughts on Mobile Security and Applications
Note: I wrote this for a client last summer who was looking at a banking industry application. The application was poorly written, and I hope that they have since fixed it. It makes an interesting concept that last summer we were talking about banking and smart phones, then to see a number of these issues crop up in the news since then. Mobile phone security is something very important, but we seem to keep on falling by the wayside. There has to be a happy medium between functionality and security, but we keep on missing the mark.
Cloud Computing in Education
I was up late last night talking to some of my very old contracting buddies from a long time in my past. We were talking about the adoption of cloud computing in the enterprise, and the influence that is having on the ability to hire employees who really get cloud computing, virtualization, security, cryptography, and a ton of other things that you can do on someone else's hardware and disk images.
Who Really Has Browser Control?
Interesting tidbit over at Techdirt this morning about a Grease Monkey script called Fluff Busting Purity formerly known as Facebook Purity. While the Techdirt article is good, there are some interesting side issues here that should be noted.
Hijackers Expose Serious Security Risk To Enterprise Facebook Users
Control your info has taken administrative rights to hundreds of groups on Facebook this morning - which is going to prompt a stampede of fear across the Facebook landscape. Looking at the security of social networking - this is going to be a bad day for many groups on Facebook.
How Hackers Are Trying To Penetrate Cloud Computing
Now that my two cloud servers have been up and running long enough for scanners, hackers and other folks to find them. What is interesting is seeing what kind of hacker activity the two cloud servers are seeing, and how they are standing up to being exposed on the internet.
How To Enact Data Privacy Within Your Enterprise
We all have a vested interest in how data and data privacy is enacted by companies, regardless of the environment, cloud, mobile (laptop, cell phones), private Data Center, or anything else that is a combination of the above. Companies have a vested interest in keeping their customers data private and clear of distortion or error. Consumers and people in social networks also have a vested interest in making sure that the data they share is not abused or misused.
Developing Streaming Video Content Within The Cloud
We are in the process of building out our own streaming video server at the school, and tinkered around with Darwin from Apple for a bit. While it ended up not being the product we are going to stick with because it needs a completely different link structure than http, and it is difficult to embed, actually you can't embed any videos on a web site we have gone past the software. In the mean time, installing Darwin is very simple on Amazon Web Services, so here is a quick how to do this.
Using The Cloud To Build Streaming Video
We are in the process of building out our own streaming video server at the school, and tinkered around with Darwin from Apple for a bit. While it ended up not being the product we are going to stick with because it needs a completely different link structure than http, and it is difficult to embed, actually you can't embed any videos on a web site we have gone past the software. In the mean time, installing Darwin is very simple on Amazon Web Services, so here is a quick how to do this.
Archos Releases More Data On Their Newest Tablet PC
As the buzz and lust over gadgets continues unabated, the Archos Company is on a smart track to deliver smaller touch screen media players that can do a lot of other things along the way. With a small store, and a small group of core dedicated developers, Archos is leading the way to small pad enabled computing devices while everyone waits for the Crunchpad and the mythical Apple Tablet or Media Pad system. The Archos 5 is here now, but wait, something cooler is happening on the 22end of October 2009, the Archos 9 comes out, and that might be worth the wait.
Building Your Start Up In The Cloud
Now that the wireframe is done for the startup, we are looking at the backend architecture for what we want to accomplish. The idea of using the cloud to cut down on costs is nothing new, and my new startup will be heavily leveraging Amazon Web Services (AWS) and Elastic Compute Cloud (EC2) to keep costs down, but provide a robust service to people who will be coming to visit the web site.
Keeping Your Content Management System Updated
If you do nothing else today hackers have been busy coming up with a new Wordpress hack that is making the rounds this week. While Wordpress hacks are nothing new, Lorelle on Wordpress says that this attack is going to be bad, and is bad right now.
With ISPs Tracking Bittorrents Has Pirate Bay Finally Lost?
After losing the court case, after the multiple attacks against the site, after the buyer for the site waffling, and now with the loss of its primary ISP, is it time for the Pirate Bay to simply fade into Bittorrent lore? I know this will upset many who use Bittorrent, but it is a question worth asking, is the fight still worth fighting.
Software For Staying Up To Date On Real Time News As It Happens
Obviously you can tell that I have been far too busy at work to do much of anything else, but what is worth talking about is just how Gist and Lazy Feed have been incorporated into my daily routine in working through the processes I have to do at work, mostly in the realm of developing course content and course context for our huge fall launch.
Huge Security Flaw Within Tag Based Systems
Louis Gray pointed out a new reading system yesterday called Lazyfeed, and overall I am pretty happy with it, but like all tag based reading systems, spammers and other miscreants have so corrupted the general tag base to get their message in front of people that tag based systems need something else to make sure they are delivering good valid content for the search strings provided.
Addressing The Real World Educational Needs Of Information Security
What has been interesting is the amount of interest in the information security program that we have written lately, and this includes how we are using technology in an educational environment, as well as the view of information security and who we are as an industry.
Running Your Mac Book From An SD Card
Booting your Apple Mac Book just got tons easier, and easier for forensics or people who have locked themselves out of their computers. Boot up in a fresh image off your SD Card, and the whole drive system is all yours to do things with.
T-Mobile May Have Been Hacked
A message to the full disclosure list showed up today claiming to have access to the entire back end infrastructure of T-Mobile. The message to Full Disclosure today from Pwnmobile claims to have hacked into and own the majority of the data on the T-Mobile phone systems today.
Software Needs To Be Conducive To Learning
When you are looking at Knowledge Management, education, training, these all fit into knowledge management systems. It does not matter what system you are using, what matters is the environment you are creating to support internal and external goals for learning. If the systems, if the content, and if the presentation is not conducive to learning, it does not matter how well you create content.
Should Maintaining The Accuracy Of IT Certification Be Ongoing?
You are only as safe as your expert opinion . But then the question is, what if the expert opinion is followed, and you are certified and you still get a data breach that costs the company millions of dollars.
Understanding How A Hacker Thinks
Wonder how a hacker thinks? Take a look at a three year old discovering their world and you have a very good idea on how a hacker thinks, no boundaries, no layers, and the whole world is wide open for discovery.
Past Employers Have Equal Power Over Credibility As Your Resume
Louis Gray wrote an article about how Skill or Luck can influence how people perceive your ability to do work. Sometimes a bad organization can haunt you forever, and this goes for just about any place you choose to work.
Facebook Tests Volatility Of Malware And Phishing From Swine Flu
Early news reports indicate that a new phishing attack is happening at Facebook right now, so be very careful what e-mails you click on. With all the attention that phishing and malware is getting between the swine flu and other events happening right now, this is a good time to remind folks, be careful of what e-mails you click on.
Twitter Had Its Admin Infrastructure Cracked Causing Alarm For Social Networking
Nothing says "going to have a bad day" than to have someone crack open the admin panel to one of the hottest social networking properties out there. But Twitter has had at least one of their admin accounts cracked, with pictures both on Mashable and Korben.
What Are The Major Benefits From Being Certified?
And why you are at it, also get a certificate in something techy along the way. Is college the right path to succeed? With all the layoff's and an economy still stuck in the downturn or at least struggling at a pseudo bottom, the question of college as a way to make it through the hiring process is something that you should be thinking about.
Does Your Business Have A Social Media Plan?
Companies in many cases are struggling to come up with a plan on how to manage social networking within an organization. There are so many moving parts that trying to align all those parts into a cohesive whole will require that the organization transcend the standard silo mentality and embrace social networking as a core competency of the organization. You need people across many disciplines with many different talents to make a social networking plan work. You even need a social networking damage control plan for those just in case controversies that are going to happen in the blogosphere.
Tips To Help With Your Cloud Computing Project
Just finishing up the final touches on my first big cloud computing project, and there was much to learn here, some pitfalls and some promises in the cloud that might help you with your cloud computing project.
What Happens When The Internet Infrastructure Gets Hacked
The discovery of a stealth router botnet changes the landscape for hacking devices connected to the internet. Many security people have been talking about what is going to happen when the infrastructure gets hacked; the interesting part is now we get to find out.
The BBC Controls A BotNet For Viewer Benefit
This is what happens when television people get their hands on 22,000 compromised computers and think it would be fun to play around with a Botnet.
Hacking WordPress Through Security Flaws
Bandit Defense has posted a new Wordpress hack, but there are some things you need to know about first. The biggest one is that it relies on poor security at the hosting company, and already knowing the password to the Wordpress website you want to hack.
The Next Big Thing To Learn Is Cloud Computing
Whenever you roll out a new technology, there are always changes to how people perceive that technology, and the ramifications to employment that technology has. Cloud computing is disruptive, allowing fewer people to do stuff that an entire IT Shop used to do.
Bypassing Internet Communication Restrictions
Steve Hodson from Win Extra quite rightly asks what we can do in the face of restrictive or repressive internet social media. The good thing is that this is an easy question to answer, because humans have been working their way around authority since we began. Not everyone is a fan of authority, and the internet makes it very easy to bypass internet restrictions.
Pirate Bay Final Trial Day: Will Torrent Trackers Win?
This was it; everyone made their closing arguments on the relative merits of the evidence in the Pirate Bay Trial. The question on everyone's mind now is what the actual verdict will be, with no idea when that will come through the system.
Making Government More Secure With Open Source
If you are the British government, you are seriously thinking about it, and Scott McNeely is looking at the same thing for the Obama administration. This could get interesting.
Pirate Bay Enters It's Fifth Day In Court
The prosecution again tries to enter new evidence into the trial resulting in a quick break, a smack down, and the prosecution having to share everything or stop trying to do American style legal proceedings. Peter asks if this is to be a political trial, more fun and games in the court room.
Experimenting With Amazon Google Hacks
Sometimes it is not about what you can find, but what you can't find that makes Google more interesting. In the highly competitive world we live it, here are some Google hacks for Amazon that will let you know what is not currently being carried by Amazon.
Dolphin Stadium Hacked For Super Bowl
In what is becoming far too normal, the Dolphin Stadium Web Site was hacked for a few hours and was delivering malware to people who visited it.
Expanding And Enhancing Your Career Search
Your new job search needs to incorporate much of the new technology as possible. While Dice and Monster might be good, to find real viable jobs, it is time to expand your search and how you search for your next gig.
Understanding The Differences In Business And Technology
Business relies on technology to reach the customer, technology relies on business to find those customers, yet sometimes there is a failure to communicate that leaves everyone wondering what happened.
Use Acunetix Blind SQL To Identify Web Vulnerabilities
Cool presentation on YouTube on how to use the Acunetix Blind SQL Injection Tool for data mining systems. In all honesty, this is a great video to watch.
Monster Gets A Monster Of A Hack Again
Monster has been been hacked again, along with USAJobs.gov (which monster runs), this time with a loss of information for people who are seeking jobs. Be careful which job opportunities you respond to, and change your password.
Microsoft Cuts 5,000 Jobs
This is much less than the 9 to 16 thousand that has been thrown about on the internet since December. But news has hit the street, yes indeed Microsoft is going to lay off 5000 employees. This gives a lot of credibility to Mini-Microsoft this morning who basically posted a warning back in December that something was going to happen.
Avoid Warning Flags in Your Resume
There are just some resumes that set off every warning sign when it comes to the potential hire. These are people that just will never make it through the hiring process, and here is what you can do to avoid being a "red flag resume".
Learning Hacks The Chinese Hackers Use
You might be surprised by how mundane this list is, most security engineers should have them in their toolboxes as well. A few here are new to me, and worth sharing.
Two Security Sites Close Amid Economic Pressure
The poor economy hits two more security web sites, making news and sharing of information security information that much harder to find.
Can Your ISP Be Trusted With Personal Privacy?
As the new Comcast Bandwidth throttling scheme goes on line today, Techdirt asks why no ISP's are coming forward to say that they are working with RIAA?
Israel and Hamas Take to The Virtual Streets
If you are not paying attention to what is happening in Israel with the escalating war between Israel and Hamas, then you really need to. This is how cyber war is fought, and how information security is more important than bombs or guns.
Google Offical Hacking Database Closes
Over a month ago, Johnny I hack stuff, the Google hacking database was reported to be shut down, and today all that is left is a video of Christmas in Kenya.
Security Professional Need to Test Network Penetration
How do you tell a good security company from a bad one? That is the problem, do you really know you are getting the experts you are paying for.
Use Google Hacks Once a Month to Seal Content Leaks
As I play around with a number of newer Google Hacks, the more I realize people have to find out what is in Google about their company and their systems.
Hackers Seek Intellectual Property Security For Malware Kits
There is interesting news coming from the hacker underground that hackers are trying to enforce their Intellectual Property when it comes to malware kits.
How Can The US Be Losing The Cyber War?
Something I have been saying for at least the last year has finally gotten national attention, now we need to work out what to do about it.
Risk Management In All Aspects of A Company Is Important
There is a link between IT risk and the overall company risk posture. Techtarget has a fascinating read for every security engineer out there, including the CISO. It is hard to quantify risk.
Security Engineers Have Good Reasons Using P2P Software
Let us face it, I use P2P, and in many ways that people do not expect, I use it for Joost, I use it to down load software like open office, and Linux distro's, I also use it to download hacker tools to test and research.
Developers Need to be Aware of New VoIP Malicious Tools
Infosec Events has released downloadable copies of tools from ToorCon X, go get them and have a good time on your network or on your PC.
Potentially Malicious VoIP Tools For Developer Awareness
Infosec Events has released downloadable copies of tools from ToorCon X, go get them and have a good time on your network or on your PC.
Are The Days of A Dishonest Internet Over?
Are the days of lying on the internet over with? If you take a close look at the results from the Lori Drew Cyber Bullying case, this might just be the case.
Coping With Layoff Survivors Guilt
If you are one of the fortunate that survives a company's downsizing or mass layoff, you might wonder why you have a huge mistrust of management right now. It is called survivors guilt, and there are some things you can do to help yourself through it.
Bypassing Restrictions On Software Is Now Legal
Who knew that it was lawful to bypass restrictions on software, like Coupons Inc's software that allowed printing coupons and essentially start printing coupons off like it was money.
Taking VMWare Out In Chunks Made Easy
About five years ago, I worked with VMWare, and noticed that the VMWare security model worked great when pages where called as one chunk, so if you called the vmCtxMenu.html without a login context the page would come up non-functional.
Two Fresh Apple Security Hacks
Two new chunks of malware are making the rounds this week that allow an attacker to download code of choice on your apple computer.
Azureus : The Latest Search Engine Hack
This interesting Google hack returns 134 entries in Google, and 63 in Microsoft's search engine, Yahoo returns 216 results. This quick Google hack allows someone to go in and see what someone is sharing with Azureus, one of the more popular bittorrent clients out there.
How Can We Protect Web 2.0 From The Cyber War
No Surprise security engineers falling behind in hacking skills. There is no reason that we should as a security profession be losing the cyber war, or failing to protect our companies, and our friends from cyber attacks.
Don't Be So Quick To Jump The IT Ship For Good
One of the negative aspects of the current economic troubles is that there are a lot of folks dropping out of IT, and many of them plan on staying away from corporate IT forever.
Sinowal is a Serious Security Threat
RSA Security Blog has a fascinating digest of the Sinowal Trojan, and the idea that is has been in operation since 2006, compromising nearly 300,000 on line banking accounts.
Test Cases in Your Browser with Selenium
One of the hardest things to do is build out automated test cases for testing the security of your web server. Building out test harnesses is a pain to do, but something that needs to be done not just to stress your web server, but to check on conditionals and security flaws or even not called API strings within the confines of the web server.
Remove Botnets with Bothunter
Security bloggers network releases a handy new tool to help you hunt down botnets on your network.
Data Management Continuum Guidance
All data follows a lifecycle from initial creation and storage, to protection and retention, and each of these phases has differing and unique requirements. Thus there should be a range of storage devices and processes to address these varying requirements. For example, enterprise devices, while having higher redundancy and performance are not as flexible as mid-range arrays and represent a higher cost per GB of capacity.
Emerging Threat Trends for 2009
The Georgia Tech Information Security Center has released what its trends an indicators are for emerging information security threats for 2009. Unfortunately, these are all things we have been battling for years and just not winning.
Twitter Tech is Handy for Terrorists
In addition, we are not just talking about threatening people over twitter either. A draft US Army report thinks that Twitter could become a terrorist's best friend.
Belgium Outlaws Hacker Tools, Leaves Security Holes Open
When good laws go bad, Belgium opens the door to some seriously fun Google Hacking, by outlawing tools, but not addressing poor security measures in the first place.
The Security Department Needs to Step Up to the Challenge
With the economy in the tank, now is the time for the security department to get creative and start supporting the business, and help it grow. There is no room for the standard reaction of "no" this time around; we will be in the recession for at least another year.
Disaster Recovery Plan in Case of SaaS Failure
Over the last week, the SaaS community has been roiled by the arrest of the CEO and CFO of Entellium a SaaS provider in Seattle. Here is what you do if your back end service provider goes out of business.
How to Reverse Engineer Malware
Eric Landuyt over at Data rescue walks through a chunk of malware that is using BITS as its communications path.
Google Maps Gets Myth Busted
Maybe you can see those 51 areas in Google maps, maybe you can't, but researchers are trying to debunk the original idea of censorship and Google maps.
Know the Hacker that Hits Your Business
Do you know what kind of hacker is hitting the companies' access to the internet? It could range from the run of the mill script kiddy to the more elite and interesting corporate intellectual property thief. It is important to know, because this will help you arrange your corporate defenses better.
Learn Cloud Computing With Cloud Ave
Want to know what the deal is around cloud computing? Then head on over to Cloud Ave, a new multi person blog that is all about cloud computing.
Do SysAdmins Steal Data?
With the unprecedented melt down of Lehman Brothers yesterday, a huge EDS layoff, and even eBay looking at layoffs, one has to ask, who is minding the store on customer records and customer data?
Hackers attack the LHC
The shiny new Large Hadron Collider has been hacked, with hackers taking over the Compact Muon Solenoid detector. The hacker group 2600 of the Greek Security Team has claimed responsibility.
Should ISPs Have To Monitor The Internet?
You have to ask where are the parents in this argument, but MP's in the UK propose that ISP's and other internet firms do a better job of policing the dark side of the internet, the problem is that there are not enough people to do this, and some of what you come across will scar the average person for a very long time.
Easy malware diagnostics for your site using Google
Interesting little handy trick for seeing if your web site has been listed as malware, with a nice diagnostic screen for you to use on any web site out there. If you have been tagged as a malware delivery site, this diagnostic can give you a very good idea of what to look for.
51 areas you can't see on Google Maps
An interesting article over on IT Security on some of the areas in the world that are blurred out in Google Maps, either due to the sensitivity of the subject, or via pushback from concerned groups.
Security Flaws in Google's Chrome Browser
Now that the enormous amount of noise over the debut of the Google chrome browser has died out a bit, what does it look like from a security viewpoint?
Is a Security Certification Necessary?
Two great posts on "to cert or not to cert" in the never ending debate on if a security certification is the right thing to do reopens the contentious debate.
Update Your System to Prevent DNS Exploits
HD Moore has released an exploit module for the Metasploit framework, meaning script kiddies and every other security person and wanna be is going to be downloading, if they have not already, and are playing around with DNS on the internet today.
Beware of Media Defender Malware
More on the social malware front today, this one is set to generate fear in the e-mail recipient, no one wants to get a message from Media Defender, and when they do, they are going to open the attachment.
Watch Out for Joomla Hack That Resets Your Admin Password
There has been a spate of hacking against a popular open source software package called Joomla using a password forgery hack to reset the administrative password on your Joomla powered site.
MySpace and Facebook Hit With New Social Malware
Both MySpace and Facebook are being used to target botnet malware using MySpace and Facebook friend links.
Anti-Spam Measures To Block Out Stupidity
A new web site that promises to use the same kind of technology used in Anti-Spam measures to block out rampant stupidity from reaching your eyeballs.
Protecting Your Laptop When Traveling
The rules have finally been released about what can be sized at the US Border, and it is not pretty this morning.
Are You Responsible for Full Disclosure?
What is right or wrong with full disclosure of a particular vulnerability, and where should information security professionals draw the line?
Hacking The Hypervisor
With all the talk about cloud computing, virtualization, and systems management, this month there are going to be three discussions about hacking the hypervisor that takes us right to the root of cloud computing and virtualization of systems.
The Right Way to Promote Your Brand Stream
Wondering if those metrics on your web site mean that you are losing audience right and left, might not be that way, people might be getting information off your site in a different way, from RSS through Friend Feed, comments and conversations off your site on comment dumping systems like disqus, stumble upon, video on YouTube or Blip.TV, the problem isn't your web site, it is all the other social networking systems you have plugged that web site into.
Problems Ahead for IT Jobs
In the never ending need to meet ROI and keep economizing while people spend less, IT jobs are looking increasingly insecure, but like all things there is a silver lining to all the generically bad news that has been increasingly making the headlines.
City System Admin Locks Out Everyone
Terry Childs is cooling his jets in jail, while the city of San Francisco tries to get back control of its FiberWan network, this is why no one single person should ever have total access to anything.
Modem Systems Remain Vulnerable To Attacks
ICMP packets containing modem reset or shutdown commands, you would think that this very old attack would not be happening, but it is, and it is still fairly effective.
SQL Injection Finder Tool
This handy newly updated tool from the Code Plex can help parse your IIS Logs looking for the standard command sequences that indicate someone is trying to do an SQL injection attack against your IIS Servers.
Rouge Employee Selling Company Exploits
Fast company has a stunning article on a HP employee who is developing Zero Day exploits for HP products, and then selling them on the open market. Do we really know what are developers are doing in their off hours, and what should we do when they impact the security of our products?
Information Security Skills That Are In High Demand
What's new, what's next, how you can develop skills that will make your employer much happier, and maybe move up in the local company food chain, with better ability to survive the next two years.
Breaking Privacy Policy Rules
The disconnect between information security and the rest of the company marches on smartly in a report by Forbes.com.
Government Security Certification Guidelines
Government Computer News pushed out an article on the 25th that you will end up reading four or five times until the entire story hits you.
Information Security Certification Guide
Information Security Certifications are part of the credentialing landscape for an information security professional, and in many ways, those just generally interested in the subject.
New SQL Injection Scanners from Microsoft and HP
Microsoft and HP have both released separate tools to help companies scan their web sites for SQL injection flaws that will lead to a compromise of your web site.
Use Your Open Source Skills to Help Reddit
Reddit has opened up its code base to the public at large in an effort to help take on other social networking systems.
Be Very Careful When Doing an Investigation
It is heart rendering to find something illegal, horrifically illegal on a person's computer when doing an investigation.
A Runaway IT Project Failure
Bruce F Webster on his blog this morning at brucefwebster.com has a fascinating article called "anatomy of a runaway IT project". For those of us who are fascinated or studying IT Project Failure, this is well worth reading.
Reddit Needs Your Open Source Skills
Reddit has opened up its code base to the public at large in an effort to help take on other social networking systems.
Firefox 3 Worldwide Countdown
If you have been playing around with the beta Firefox, today you can download the whole new package, and this is a download that is worth your time.
Mac Security Configuration Guide
Apple has released the Security Configuration Guide for OS X V10.5 Leopard for both the client and the server. These are must read documents if you are on an enterprise, or even just a casual user, with an Apple Mac OS X computer.
Use Your Resources for the Greater Good
If you feel like taking on a real challenge, and have some spare CPU cycles to donate then this might just be the thing for you to do. The GPcode virus uses a 1024 RSA key to encrypt contents.
Does Your Resume Pass The Prescreening Test?
Generally when someone is looking at your resume they are after two things, one finding the highest quality candidate that they can find for the money they have (not necessarily the cheapest, just the best one in budget range for the position), the second one is someone that will work well within the organization.
Be Reliable and Trustworthy in Information Security
Kees Lune comes up with an interesting blog article titled: Essential Truths in Information Security: Be Reliable and Trustworthy. He states,
How to Hide Your Surfing Habits from ISP's
Earlier this month I talked about a program called antiphorm, which was designed to simulate a user casually surfing the internet.
Microsoft's IronRuby Integrates into Dot net and Silverlight
Microsoft introduced IronRuby at the RailsConf in Portland, with integration into dot net and silverlight, this is a good thing, as showing off integration like this is important to keep dot net as part of any Web 2.0 lexicon.
FXCop Checks the Coding Practices of Your Dot Net Assemblies
FXCop is one of the very few free tools you can use to check on the coding practices of a dot net assembly.
Hacking Oracle Database Configuration Files
This Google hack is fairly interesting when you can get into the configuration of an oracle database because someone forgot to put a password in front of the web login. Stunningly, we found one such system, and if we had been evil, we could have owned this database system in less than 3 minutes.
SQL Ninja Hacking Tool
There is a certain amount of respect earned when someone makes a hacking tool that not only does what it is supposed to do, but does it elegantly as well. While this tool is aimed at professional pen testers, this is one tool that should be in everyone's information security toolbox.
HackerSafe Program Not So Safe
And with cause, if XSS is not a security issue, then there are at least 62 doomed sites carrying the HackerSafe/McAfee logo that could seriously damage someone's day.
Career Guide Meets Manga Style
Daniel Pinks new book "The Adventures of Johnny Bunko: The Last Career Guide You'll Ever Need" has hit the streets, and to appeal to me, it is all in manga style presentation. Below follows the video trailer for the book in case you want to go out and get it.
Making A System Do What You Want It To Do
One of the things that many of the people I work with want to know not only that something works, but why does it work the way it does, and then how can they get it to do something other than what was intended.
AntiPhormLite Kills ISP Monitoring of User Behavior
With all the anger about Phorm and how it tracks user connections to deliver advertising to those users, it is not surprising then that someone would come up with a way to negate part of the ISP monitoring that is happening.
A Proposal for a Military Botnet
This interesting story comes from COL. CHARLES W. WILLIAMSON III, in the Armed Forces Journal, the only real question is when will this go live, and if they use other than military computers, how would you feel about hosting a military botnet on your links.
Dark Reading's Top Database Hacks
If you are wondering just how hackers are working their way into your back end databases, Dark Reading has a list of the top six database hacks being used in the field today.
Understanding How Bitlocker Works
In an ongoing debate on if Bitlocker is truly secure, and if not what are the best ways to hack into the system, you need to understand how bitlocker works and what platforms it is used on.
Will Lawsuits Define the Future of Information Security?
Dark Reading and Anton Chuvakin are talking about how the threat of litigation for what a company did not do to prevent a security breach might be more compelling to companies to improve their information security standards and posture.
Two Big Hacks: IIS and WordPress
If you have been following the news lately, two big hacks, one in IIS and one in WordPress have been making the rounds, with hundreds of thousands of servers compromised. Someone needs to be hitting up their security department to do some due diligence.
Are You A Top 10 Percent Employee?
A-Talent, we all want it, we know we want it, because we know that when you hire an A-talent person that they do a lot of output, some of it bad, most of it phenomenally good and worth your time. But what does that mean to the other 90% of the organizations members, and how does this influence moral amongst them?
New Oracle Hack
Never assume anything, now you can't trust even typed data with oracle.
Information Security Ethics
Interesting conversation over at Slashdot on the idea of senior management playing fast and loose with compliancy and systems/network audits. The idea of management dropping in their legal obligations as one thing, but as far as information security goes, this is not the first time, and not the last time that security by check box has been an issue.
Identity and Data Theft Update
If you are at the least bit interested in what is happening in the world of data theft and identity theft these are two must have resources in your favorite RSS reader.
Maximize Your Mac
Sometimes you just run across some guy in the back room that is writing about something they love, and Max the Mac is one of those under sung folks who is busy writing about the Apple Mac, the cool stuff you can download, buy, or otherwise make work on your apple computer.
New Students Don't Want IT Jobs
From cube farms, to narcissic personality disorder. From Outsourcing to psychopath managers, people who will never get it, budget issues where IT is always on the edge of the ax, finger pointing to downright hysteria over the latest to chase technology, somehow a free gourmet lunch just does not make up for the strangeness that is a job in IT.
Information Security Programs
If you ever have the chance, it is well worth your time to go through the information provided about the Masters of Information security programs at various colleges.
Our Broken Information Security Business
4.2 million accounts were exposed in a supermarket data hack.
Would You Work For Your Ex Employer?
Interesting question coming up as we loose a key participant in a project, while they are moving on, the company asked if the person would be a 1099 contractor to them to finish up remaining projects.
Job Requirements Are Out Of Control
The flip side to the "Please do not Lie on your Resume" article is the "Out of control job requirements" that some people put up on sites like Dice, Monster, or on their own sites.
Security Engineers Approach Things Differently
While in general I disagree with Bruce Schneier more often than I do agree with him, on his "Inside the Twisted Mind of the Security Professional" I have to agree with him. He has hit on one of the more fundamental differences in approach that security engineers have when it comes to solving a problem.
Do Not Be Dishonest On Your Resume
The most annoying thing for a hiring manager is to go through a resume, cull it down and start on the phone interviews, only to find out that the person lied on their resume, and could not do the job that has been advertised. I don't know the real statistics, but Forbes describes them as "substantial".
Pay An ISP Surcharge To Use P2P?
There is an interesting idea being floated out of SXSW on how to deal with privacy and piracy by proposing a five dollar surcharge on users of P2P technologies at the ISP level.
IT Worker Shortage?
It is time to do the annual H1B visa process again this year, with its 65,000 allotted slots to bring foreign workers into the USA. Last year the allotment of H1B visas ran out in a day, this year promises to be more of the same, but are we really having an IT worker shortage, or are we having a skills shortage?
G-Archiver Pulls Their Software From Distribution
G-Archiver, the software that was previously caught by coding horror and blogged about here has pulled the version of the software that captures user credentials and e-mails them to Google. From the time it was discovered by Coding Horror on the 7th through to this morning when the tainted version was pulled is about 5 days.
What Makes A Good Project Manager?
What is a good project manager? The definition of a good project manager from a bad project manager is subjective, but there are some highly effective traits of good project managers that can be captured. It is not about filling in financial statements, it is about having a passion for what you are doing, and productivity, supporting a team in what can be very harsh corporate environments.
Coding Horror - Spying on Users
Coding horror has an amazing story on why you should be careful of just about every download you put on your PC. The story covers G-Archiver from Brother Soft, where the programmer coded a Google mail username and password so that everyone who activated the software had their user credentials stolen, and sent to gmail.
Security Engineers Giving Tricks Away
Should security engineers and people working in security be giving our tricks away so that anyone can find them on line and use them? This is a good ethical debate for security professionals to be having. There are a number of reasons why I think that security engineers should be openly talking about hackers, hacking, protecting your company.
Protecting Systems from "Malware as a Service"
Interesting new research was released today on Malware as a Service, with credentials stolen, and researchers cracking malware.
Is Your Security Department Necessary?
"What do you do that provides value to the company?" With all the companies I have worked with and have worked in over the last 20 years, asking this one question seems to get everyone slack jawed at the interview.
Net stalker's N-Stealth
If you need yet another tool in your tool box, and you want a good web site application level scanner, then you might want to check out N-Stealth from Net Stalker.
A Recent Security Horror Story
This will teach folks to put out help wanted ads, seems a receptionist in Florida read a help wanted ad that her employer put on, and thought that she was going to be replaced.
IP Address as Personal Information
In some very interesting news coming out of the European Union, the IP Address that you use should be regarded as "personal information" meaning it now has the potential to fall under the safeguards and provisions of the very stringent privacy directives that the EU has.
Surviving the Death of Corporate IT Departments
If you have never heard of Nicholas Carr, make it a point today to go visit his blog, and go to Amazon to purchase his books.
DHS and Open Source Community Fix Over 7,800 Bugs
Given a 300,000 dollar grant, over 7,826 flaws and security bugs in over 250 open source projects have been identified and fixed.
Security in the UK Could be Set Back by Decades
In what could be a bad day for United Kingdom pen testers, stress testers, and other systems security folks, the UK is getting ready to ban the creation and distribution of tools that could be used by hackers.
Unprecedented Year In Shutting Down File Sharing Sites
While the Kazza case was previously the biggest win that the Anti-Piracy Movement has had, the unprecedented shutdown of Oink, Demonoid, and sites like TV-Links have made 2007 the most busy and important year in Anti-piracy operations since Napster was shutdown.
Avoiding a Sploggers Arms Race
Bloggers are confronting the idea that sploggers are ripping content, and posting it on their own Adsense laden web sites.
Linux Expands Even Further Into The Enterprise
Linux adoption extends deeper into the corporate enterprise as companies start picking up on the latest versions of Linux for ordinary users.
Linux Developers Rejoice - NYSE Invests in Linux Systems
If there is any other sign that would indicate that Linux has reached a tipping point in terms of popularity and maturity, it is that the staid, stolid, and conservative New York Stock Exchange (NYSE) is investing heavily in Linux systems to power its new Hybrid Stock Exchange system.
Hackers Bypassing Registration with PyCurl
Interesting hacking attack going on at a social networking site that I am working on today.
Forgetful Micromanaging
Sometimes you run into management that is an interesting mix of styles if not a weird almost contradictory management style like the forgetful micromanager.
2007's Biggest Problem - The Trusted Insider
This has not been a banner year for insider hacks, and insider data loss across the board. In many ways we can most likely call this the year of the insider.
Skills Can Be Taught, Personality is Forever
"Skills can be taught, personality is forever".
Security Flaw Hits SecondLife
Linden Labs is advising users that the not fixed security flaw with QuickTime is influencing their users.
Top 10 Information Security Issues
Top 10 lists generally help summarize things that people should be doing, or put in context issues and ideas that are going into a nicely bulletized set of things that a company can be doing to beef up their information security program or projects.
Avoiding Hostility Towards the Interviewer
While hostility during an interview is not all that advised, sometimes people do the strangest things in the middle of an interview.
MPAA University Toolkit for hackers
Probably the best holiday gift ever was presented by the MPAA today, and you can download it for free.
Reverse Engineering Spammers Testing the Water
Spammers are annoying, and generally can cause problems, what is worrying is when spammers are busy out there testing the water, and no one seems to notice.
Security Around Social Initiatives
Read Write Web has a great digest of the entire last round of social applications, from open social to Facebook, android, Bebo and box.net.
Posting Interview Questions Online
This is something I am guilty of, as I have posted a number of different kinds of interview questions on line.
IT Staff Must Adapt
This is not what you want to hear from anyone if you work in technology.
We Need a More Flexible Sense of Ethics in Information Security
One of my greatest mentors in information security is the CISO of a major educational institution; he has served the information security community well, with honor and with distinction over his many years in information security.
Screening Interviews & Culling Resumes
One of the best things you can do when trying to fill a position is to do a screening interview. What I am seeing as I go through the screening interviews is that many folks are misrepresenting their skills on paper, and that means they would be chewed up in an interview.
IT Horror Stories: Interviewing
I interview a lot of folks, I coach, I mentor, and I cull resumes with wild abandon.
Halloween IT Horror Stories: Users
Ok, they can't help it, but IT users provide most of the fodder for the jokes that we tell around coffee, or with our incredulous friends.
Halloween IT Horror Stories: Hosting Providers
Sometimes you just want to sit down and scream, there you are with your web site gathering an audience like you have never seen, you have arrived, you have a page rank, decent connections via all the social media, you did all the right things, life is good, then your hosting provider for some reason changes something, and there you are, DOA, dead, swimming in the dead pool.
Halloween IT Horror Stories - Managers
This Halloween horror story is all about the IT manager who has never been in IT or the IT manager that was the best developer ever.
Halloween IT Horror Stories: Blogging
As Halloween rapidly approaches, it is time for the IT Halloween Horror Stories.
Go live PHP & IIS
PHP just got a major boost from Microsoft this morning with the release of FastCGI for windows.
Should ISPs Work with the MPAA?
The MPAA is courting ISPs as a way to help them narrow down and identify people on their networks who are engaged in Illegal P2P.
Legal Suicide for Startups in the Web 2.0 World
An interesting CNet article on the nine major ways that any startup can commit legal suicide in the Web 2.0 world, and what you need to be aware of legally with your company or application.
Geeky CEOs Rule
If you ever doubted it, then you need to go over to the Business Week article that talks about the early integration of IT in business, and how CEO's who get it, who label themselves as computer geeks get their businesses growing faster than folks who do not.
Is IT Holding You Back from Web 2.0?
One of the ideas in web 2.0 is collaboration, unfortunately, people are finding out that the IT Department that has a long history of non-collaboration, and might be holding back a companies adoption of Web 2.0 technologies within a company.
GPL Lawsuit Filed
The SFLC Software Freedom Law Center has decided to step in and deal with the spat between BusyBox and Monsoon Media.
Using Pligg as an easy Corporate Web 2.0 Site
For those who do not know the Pligg system is a digg clone site that allows people to submit and vote on stories, we run one as a way to collect social book marks and things we think are important at work, and in our general perusal of the Internet looking for stories and things that influence business.
Control your Internet Appearance
You are what you have posted on the internet; the question is how do you manage your internet personality? As well as the eventual humiliation, that will follow.
Forced to Use Windows
One of the unexpected outcomes of a Bittorrent system admin from elite torrents is the courts order to use Windows.
Questions for Interviewing Your Next Security Engineer
This is going to be completely biased in favor of a security engineer that is not tightly wound around military grade information security for everyone at all times.
UN Site is Hacked
The United Nations web site was hacked over the weekend, and was hacked very well by a group that used a common SQL injection escape ' in the code allowing them to put up anti war notes all over the web site.
What Facebook ToS Change Means for Developers
Facebook pulled the wildly popular music sharing Audio one week after it changed its terms of service.
Looking at the State of Web 2.0 Security
Some of the commentary back on this blog is that the state of Web 2.0 security is in relatively poor shape, and as we have gone through a lot of the code available from larger companies, everyone approaching web 2.0 seems to have shoved security out the door while they concentrate on making product.
Tech Heavyweights on Social Networking
In a backlash against the monster's they have created, consumed, used, and built in some respects the tech heavyweights like Jason Calacanis, Robert Scoble, and others are all debating the relative merits of the Web 2.0 creation that they have either created, use, or comment on.
Do you Trust Your Vendor?
One of the things that I get to do in my new job with VMC is find out what people's pain points are and as I was doing research yesterday on vendors, what has been traditionally outsourced, and who has written authoritatively on it some interesting trends show up in the list.
Silverlight a 1.0 Release Candidate
Silverlight Microsoft s alternative to Adobe flash is getting ready to be released as a 1.0 release candidate.
Evil Hack Discovered on Apple's iPhone
SpiLabs has identified an Apple IPhone hack that will allow someone to either own your phone, put it in an infinite loop, or otherwise jack up your phone bill by repeatedly calling 1-900 numbers, and you bet, it is all based on the vulnerabilities found in safari.
Get Permission Before Interviews
Robert Scoble and the Scoble Show is one of the more interesting things to watch if you are interested in what is happening in start up land, or what is neat new technology.
Where IT is Going
Over the last couple of days, I have been at a security conference in NY City, and it has proven to be very interesting in the end not just to hear about what pain people have, but in general, where major industry leaders think it is going.
EU Reviewing All Search Engines
Data retention policy, and the use of that data to gather information about users takes a bigger step in the EU as they decide that they need to review the data protection and retention policies of all the search engines.
Hiring: When Being Smart Just Isn't Enough
Hire the best people that you can find, the problem is hiring the best people you can find.
Best Places to work in IT
ComputerWorld has released their top 100 best places to work in IT for 2007.
The Lament of a Hiring Manager
Like most bosses, I have jobs that need to be filled. They are very specific in what we need, and what the qualified candidate will look like in terms of skills, both technical and in personal communication and team work.
What Do You Want to see from an MSS
One of the hallway conversations we have been having lately is what would a customer want to see in a Managed Security Service.
It's Good to Have Ajax and Ruby Skills
The San Jose Mercury News has an interesting viewpoint on the desirability of web developers that can both code, and understand the requirements or ways that people communicate in the web 2.0 world.
Firefox Automatic Update
Firefox automatic update might be something security folks need to watch out for when they automatically update.
Social Engineers and Domain Hijacking
Slashdot Contributor Bennett Haselton is running an article that is a great example on how to use social engineering to hijack a person's domain away from them.
Microsoft Lets You Take Your Desktop with You
In another move that will make it harder for companies to keep track of their documents and where they go.
Courts: It's ok to "Google" Employees
More than ever, it is important for people to know what "Google has on them". A recent court ruling indicates that employers can use data pulled up in a Google search.
Unifying Fragmented Security Systems
One of the promises of Web 2.0 widgets is that it can take data from various inputs and output them into various formats, and views.
Shifting Landscape for VCs
This is a good question, what happens when you are a VC, you invest in two companies that are doing something completely different from each other, and then one company shifts gears so that both companies are doing the same thing?
Hiring problems & Corporate Practices
Computer World is running an article on how hard it is to find people to fill current open or gap positions in companies.
Wordpress Honeypot Plug-in
From a security viewpoint, this little plug in for Wordpress is one of the more interesting little scripts you can dump onto your Wordpress blog, to see how many evil systems are trying to access your site.
Real Borg Technology
Playing video games without a controller, being able to spot enemies at some 10,000 meters, its not science fiction, it is what is happening in the world today, the brain computer interface is quickly becoming reality.
Web Developer Interview Questions
SEOMoz has a quick list of their favorite web developer questions, and it is a very impressive list.
Are There Enough Developers?
One of the things that was apparent in 1995 through 1999 was that developers, really good developers were hard to find.
We Don't Need an Information Security Industry
As much as I respect Bruce Schneier, and usually follow what he says with few if any questions, I think what he is missing with his speech in London is the Human Element.
Retiring the Browser
The time when Internet Explorer, Safari, Netscape, and Firebox as your window to the internet is just about done for. What is going to replace it?
Preventing & Exposing Errors in Ajax Applications
Ajax.sys-con is running a good article on Ajax and application security that is a good read.
California Assembly Passes Data Breach Law
What happens in California usually ends up impacting companies doing business in California, and the new Data Breach bill looks like it could be another HB 1386 in terms of impact.
The Perfect Security Product?
Still have not found the perfect security product, come close a couple of times, but no cigar.
Ethical Hacking (Finding the right people)
The concept is not an oxymoron, it is better that you find your issues than someone else does and takes your site.
Security Pen Testing - Google Hacking
If you are a security pen tester, you should know about the Google Hacking Database over at Johnny I Hack Stuff.
Direct Web Remoting (DWR)
DWR is a process that stores the java classes back on the server rather than passing those classes to the web browser.
Security, HR and Corporate Secrets
Security and HR are more involved in keeping corporate secrets in the world of Wiki's, blogs, YouTube, and MySpace. Computer World is running an interesting piece about corporate data leakage and unregulated corporate communications.
Limiting API Calls in a Web 2.0 World
Programmable Web is carrying a great article on limiting the activity of a web 2.0 API with real world examples of how they work.
Information Security as an Open & Closed System
The world of information security is both an open and a closed system in light of the way that we share data.
Information Security Leaders
This was written soon after having listened to both the CISO of Cisco, and one of the primary think tank leaders from Gartner Group in December of 2005.
Information Security as an Open and Closed System
The world of information security is both an open and a closed system in light of the way that we share data.
Information Security Creativity
1. There has to be creativity in information security - without it we keep on doing the same things over and over again, regardless of the outcome, or the technology that we are working with.
Information Security Organization
In conversations with people at work and at home, one of the things that has reflected negatively on the problems surrounding information security as an organization (gross label, not true in all cases) is that the primary issues are:
Starting a Web 2.0 Company - What's Already There?
What programs and API's are out there for starting web 2.0 company?
Technical Certificates Declining in Value
Monster.com is reporting that some IT Certifications are actually declining in value.
Tech Upswing Leading to Decrease in Instructors?
I have been visiting colleges in the local Seattle area, and many of them desperately need adjunct faculty.
WDSL & webresource.axd
Various WDSL (Web Service Description Language) entities exist in a web server.
Enderle on Linux
Linux does not exist except as a concept, we can all move on now.
Saying What the Company Already Knows
As we wrapped up a project and delivered our final report, why wasn't management surprised by what we found?
How Britney Spears Relates to Insider Threats
No, I am not nuts, but if you want a perfect example of personality changes that could precipitate into an insider threat to a company, look no further than people magazine.
Linux Tops Dell Idea Storm
Linux, Open Office, and no extra software are the top three customer proposed ideas at Dell Idea Storm.
The Month of PHP Bugs
In general, I am a major advocate of responsible disclosure, and frankly even if some of the security bugs released during the "Month of PHP Bugs" are two years old, there is a question of dubious ethics here.
CIOs Don't Feel the Love
When it comes to expectations, CIO's and IT Managers are not feeling the "love" from their managers.
Information Security Management Still on Top of the List
Top projects of 2007 According to the AICPA, most of them are security, and the number one project is going to be getting a handle on all the information that is generated by people, systems, and procedures, and then making sense out of all of it.
Novell Could Loose Access To New Linux Versions
Make a deal with a big closed source company and the FSF (Free Software Foundation) may pull your access rights to Linux Distro's. At least that is what Novell is facing this week.
When The Paranoia Meter Pops
Bad security days happen, when the paranoia meter pegs and there is no substantiating facts behind it, some days it's bad to be a paid paranoiac.
Review: SpiDynamics Web Inspect
Every once in a while, you run into a tool that becomes an essential member of your tool kit, like snort for IDS, Nessus for scanning a network, the new version of Web Inspect by SpiDynamics has become just as essential.
Security Event Manager Review
Over the last few months I have been fortunate to beta test, or test a number of information security tools to see how well they would work in a high volume environment.
Specializations for Outsourcing
Google's in the press again, and this time about information security, and a host of other "specializations" that can be, and maybe should be outsourced.
What is it with These Recruiters?
I love recruiters, they form a very important niche in our economy, they call people, and they ask them if they would be interested in a job, but are they paying attention to what people want?
Good Information Security Resources
The month of Apple Bugs is just about over with, and the Month of Kernel bugs is over with, but still the zero day tracker keeps on plugging along and giving out some interesting information that is of a lot of use.
Corporate Email Wanders
Technewsworld is running a story on company personnel who forward company e-mail to their MSN, Google, Yahoo, or other hosted e-mail accounts.
Outsourcing the Grunge Work
Interesting ideas floating around today, the basic premise is that people are earning a lot of money to build and tear down ACL's, manage routers, switches, firewalls, and other general day to day maintenance.
Ajax-Enabled App Exploitation Framework
Reading an interesting paper from Wisec Italy, who presented a paper on an exploitation framework for Ajax and Web 2.0.
Information Security - A People Problem
Interesting article out on outlaw about how information security is a people problem, which is something that we all probably really do know, even if we won't really admit it all the time.
Common Language Equates to Common Goals
Over at Dark Reading, Dr. Chris Pierson an attorney with Lewis and Roca discuses the impacts of not being able to communicate between business, security, IT, and others within the company.
Should Google Offer Its Own Services as a Tip?
I have been watching the latest spat against Google for offering "tips" on services and products that they offer, when some web searches are input into Google.
Insider Threats
Organizations in many ways contribute the actions of their employees.
What are Our Co-workers Doing on the Net?
8e6 has a report here that should provide all of us in security an amusing insight into what our co-workers are doing on the internet.
IT Security: The Actuarial Table
Earlier this week I talked about building out an actuarial table for defining risk in information security as something that would work in helping information security professionals being insured against the work that they do.
Malpractice in Information Security?
Interesting QA over at CSO Security Counsel today with Dan Greer trying to define what is information security malpractice, and the most interesting part is that today, we can't define it.
Zen and the Art of Being a Small Business
Being a small business is tough, there is no way around that, long sleepless nights, long sleepless days, clients who act bizarre, clients who do not pay promptly yet you need them anyways.
Small Business: More Zen
This is part two of a two part series, Zen and the art of small business.
Why Getting Great "A" Talent is Hard
All companies really want to hire the best and brightest; the best ones that they can find that meet the criteria of the job, would seem to fit into the organization, and has the ability to actually do the job.
Computer Security Still Damaged by Social Engineering
Interesting article out of CIO magazine about Vista, and that while it is a highly secure operating system, with some neat things it can do, it still is not invulnerable to those programs that require social engineering to get the user to do something.
Technology Worker Shortage, Everyone on Bandwagon
This week Price Waterhouse Coopers (PWC) released a report on the state of high tech hiring, and it is really truly a must read.
Oracle Responds To Information Security Critics
Oracle the Database Company is taking time out on its corporate blog to address a number of critics on the security of Oracle Databases.
Information Security Fundamentally Broken
In May of 2006 I read an article by Noam Eppel on Security Absurdity, Why information security is broken, which can be downloaded here to read the original article.
UK Computer Industry at a Crossroads
The BBC is running an interesting article on the number of qualified skilled people wanting to work in the computer industry, and the lack of said people who are coming through the college ranks.
Copybot and Second Life
For folks following the copyright intellectual property implications in the gaming industry, Second Life is facing its first real crisis when it comes to the value of in game goods, copyright, liability and just plain old copying.
Risk Management - Security Qualified Candidates
All companies have a risk tolerance, some companies have a higher tolerance for risk than other companies do, many follow few lead.
Collaborative Information Security Next?
Have anyone ever been on the phone with a client after the job, where the client wants more information, needs a copy of the report, or just wants to spend some time discussing the implications of the report that the company generated for them?
Risk Management - Unreasonable Project Schedules
All companies have a risk tolerance, some companies have a higher tolerance for risk than other companies do, many follow few lead.
AJAX Security
In the last 3 months there have been 11 million articles found by Google that have been written about Ajax security.
Reputation Defender
Here at IT Toolbox we have written a lot about the impacts of social networks, and the risks to privacy and later on employability. Previous articles are Myspace and Privacy, the good part is that now comes along one of the smartest startup idea's that I have seen, reputation defender. They are being featured in wired magazine today here.
Closed Vs. Open Sourced Material
I have been thinking about a comment I got on creative commons and how it should be more clearly labeled in the longer run so that people know what they can do with media.
Microsoft and Zend Play Nice
Probably more than one jaw hit the floor when yesterday Zend and Microsoft announced that they were going to start playing nicely with each other. If anyone has ever tried to get PHP to load into a windows 2003 server probably knows what I am talking about too.
Bringing Your Retail Vision to the Web
For retail people, for many small business owners, they have a vision of the web site that they really hope to see, but have problems then translating from their vision to the details that technical folks need so that the vision can be realized.
Outsourcing - Relationships and Issues
Many folks cringe when we start talking about the experiences that we have with outsourcing anything from the company.
Protecting Your Lap top
If anything makes an argument for disk drive level encryption, or synching a laptop back to the head office better than the recent news and meetings over the ability of US Border Guards being able to seize and inspect a companies laptop I cannot think of one.
Revisiting Google Borg or Google Brain
Originally and with much enthusiasm I wrote about Google seen becoming the next Borg, where in our collective consciousness we tried to see what was available to us using the Google search engine.
The Traditional IT Attitude: Dumping it
E-Week has two very penetrating and insightful articles on IT and the roles that it plays in business. These articles support the idea that IT needs to become more business savvy, and business needs to become more IT savvy to make it in the market place.
Google Censorship (What we can no longer find)
I am a big fan of Google, for all the things that Google stands for, and for all the amount of content that I generate about the company, I really do like them.
|
|
|
 eBUSINESS
RESOURCES |
|
|
 |
|
| About
WebProNews |
WebProNews is the number
one source for eBusiness News. Over 5 million eBusiness professionals read
WebProNews and other iEntry business and tech publications.
WebProNews provides real-time coverage of internet
business.
Free Email Newsletters:
|
|
|
|
