notes from an admin for himself. you can read it if you want.

Entries Comments

Custom Search

Hey, go to hell and die!

6 October, 2008 (14:07) | Mindless Blather | No comments

Some script kiddie scored an ip out there that doesn’t get blocked for being an idiot all day every day. Hit 2 companies I work for already but just spams up the logs, no real craft involved. Here’s your fair warning kid.

Robocopy GUI

18 August, 2008 (19:09) | How to, software | No comments

For people who need a gui to help with all of those pesky command line arguments, there is a gui version from the good people at MS.

Grab that little sucker and then look up the wikipedia article on robocopy to refresh your memory on what the switches mean.

The best windows copy utility – robocopy

17 August, 2008 (19:39) | How to, software | No comments

Need to merge two files and keep only newer files?

robocopy c:\folder1 c:\folder2 /E /XO

Copy files between two servers and maintain permissions

robocopy c:\folder1 \\server\sharename\destination /E /sec

Robocopy is sweet because you can use it to sync folders, copy permissions, copy encrypted files, pretty much every file copy operation you can think of. Just do a robocopy /? at a command prompt to check it all out

Nerd toy of DOOOOOM! Nerf machine gun

8 August, 2008 (00:35) | Mindless Blather | 2 comments

Hooray! I finally got my nerf machine gun. Not quite as cool as Rachel, my SAW, but less lethal in an office battle. Should have testing done on my coworkers tomorrow and I’ll start designing mod plans this weekend. Weeeeeee!!!! I hope 20 spare darts will last for at least a week.

Predictive dynamic blacklisting

24 July, 2008 (05:36) | prediction, security, software | No comments

Are they ever going to call it blocklisting and smurf listing or something? This black and white thing generates some bad press. ANYHOW…

SRI and SANS came up with this sweet predictive blacklist fun. It reminds me of what Symantec used to do with their free log reader software, Deepsight . Symantec used to give this log aggregation software away, feed all the data into it’s own servers and then provide threat analysis to it’s enterprise customers. Nobody had a free central log reader out for windows clients then so it seemed like a good idea at the time.  I didn’t have time to read logs from over 1000 machines. Part of the image was the magic of deepsight. I gave Symantec 1000 private IPs with DNS names to analyze and they gave me a daily email showing where my threats were coming from. It was even HTML email. OOooOOooOOoo. Anyhow under the hood was the same deal as this blacklist “predictor” which predicts nothing… It shows you a current threat and distributes that data based on comparing some logs. Still cool stuff just a funny name for free stuff. I expect it to cost money soon.

Now the open source community catches up! This is super cool. Hooray for open source that currently is exciting and will soon be purchased or boring and unsupported!

Iphones can not be trusted for corporate data security

17 July, 2008 (08:10) | mac, security | No comments

I just posted this on spiceworks:

Iphones cannot do data encryption. In my opinion this is an auditors dream. SOX, HIPAA, DOD, PCI compliant companies can’t use an Iphone. So every health care, publicly traded company, payment card industry and a LOT of government. Companies who value their intellectual property can’t use an Iphone.

So my questions are-

  1. When will someone write storage encryption software
  2. Who has a CEO who won’t give it up
  3. Who has employees with iphones and how has it affected you
  4. What other regulatory agencies are out there that require data encryption
  5. Blackberrys have single factor authentication (i think rsa isn’t out for it yet) does this violate HIPAA if patient data is emailed
  6. Who will be the first to misidentify SSL as encryption for storage in this thread
  7. Any other thoughts

Please feel free to comment. If a Mac developer stops by, please pass the word on. Exchange support does nothing for me if the email is stored in the clear inside the iphone. And once you have encryption built in I’m pitching my blackberry and getting one.

Encryption plugin for Pidgin and AOL

15 July, 2008 (18:05) | security, software | No comments

Pidginis listed on my favorite free software page as a do it all instant messenger. There is an AWEOME plugin for it called OTR for encrypting your messages. When you are using it you can tell it to turn off logging or leave it on. GO HERE to get it. Look for the link specific to pidgin. There is also a link for an installer that will work with AIM and a few other IM programs. Try pidgin, you will love it.

Stupid Windows Trick #16 – Show excel formula hotkey

13 July, 2008 (08:35) | Mindless Blather | No comments

Everyone loves excel right? Do you have a bunch of wicked formulas? Want to show all of them on the page instead of the data in each cell?

Control `

Fixes page added

10 July, 2008 (21:53) | How to | No comments

I’ll start trying to remember to write fixes that I have found in a more concise manner than the usual MS dribble. Go to the fixes link on the right if you feel like it, but use google. It is your friend.

Cool website for security info – Dark Reading

9 July, 2008 (17:00) | security | No comments

Check out this great story about why not to allow peer to peer applications in the workplace. DarkReading

All it takes to ruin your company is one developer getting lazy and saving a file to a directory where the shared files are on a P2P app. Or one person with HIPAA data. Mistakes happen. Holes that expose those mistakes are time bombs.

« Older entries

 Newer entries »