Thursday, December 18, 2014

A look back: 4 years, 100 posts

Over the last 4 years, this blog has covered a lot of ground. We've looked at safe surfing practices when using the Internet in a public location. We've looked at how to set up a home network to be reasonably secure. We've talked about password practices, and the value of two-factor authentication to secure more valuable accounts. We've discussed a rash of credit card thefts at major retailers. We've seen several severe flaws in services used widely on the Internet. This blog has even published several vulnerabilities and website flaws discovered by yours truly.

My goal in writing is two-fold: I write technical content in the hopes that other professionals will find value, but I also endeavor to educate those that have not made a career out of information security. To that end, if there is a topic you would like to know more about, or a topic I have not explained as clearly as you would like, I invite you to comment on this or any post, or send me a message at davidsblog (at) 7longeneckers (dot) com.

Without further ado, a highly biased review of top topics:

Monday, December 8, 2014

Solving a crypto puzzle with Python

A beginner's guide to Python programming, to solve a Caesar cipher.
This December, computer security firm Sophos has been running a "12 Days of Christmas" contest, with cyber-related quizzes each day. So far the quizzes have ranged from hoaxes to malware authors to abandoned operating systems. Each of the questions has touched on topics relevant to hackers (using the traditional, inquisitive sense of the word ... hacking is not in and of itself evil!), and each has required skills useful to a cyber security pro - often, simply paying attention to detail and noticing clues.

Monday, December 1, 2014

Thanksgiving fun: reviving a busted power adapter

What do you do when a laptop A/C adapter breaks? When you are a family of geeks, you don't throw it out. There's a longstanding tongue-in-cheek tradition that Thanksgiving is the time when IT pros visit family and fix our parents' technology problems ... in this case, though, it was my teenage son's computer, so it was a perfect opportunity to have a little tech fun with my kid.

Thursday, November 27, 2014

Happy Thanksgiving!

Happy Thanksgiving from our family to yours!





Wednesday, November 26, 2014

Cheap Rolex Knockoffs from the Russians in Korea

Just in time for Black Friday and Cyber Monday, I received a spam offering "Limited time Rolex replicas and Louis Viutton handbags" at unbeatable prices. These aren't run-of-the-mill knock-offs, no. These are "High Quality Luxury Replicas That Are An EXACT Replica. Even a Jewler [sic] Can't Tell Our Replicas apart from the real thing." Wow, right? Who wouldn't want high-class fake luxury to go along with the annual post-Thanksgiving ritual of waiting in line for hours to save a few bucks on a TV? And surely an email from Sbgrmogq@wgyxfez (dot) com suggests a legitimate retailer, right?

Friday, November 21, 2014

Password reuse: don't let lax security at one site give away all your accounts

Passwords are a hassle. In many cases though, they are the first line of defense against someone accessing your accounts without your permission. But passwords are a hassle, so why would you want to remember dozens or hundreds of individual passwords? Why not use the same username and password everywhere? 

Unfortunately, even with solid security practices, a business or web site may be compromised. Mistakes happen. Previously unknown software flaws are discovered. Sophisticated new attack methods are invented. Sadly though, sophisticated hacks are not usually needed: not every website follows the best security practices. Some sites fail even the most basic of precautions. It would be a real shame to log into your favorite entertainment website only to have your password stolen and used to break into your bank account.

Wednesday, November 12, 2014

Layers of security - a look at Fidelity 401k.com

This started out as a story of lax security at one of the biggest providers of corporate retirement services. As I researched though, it has become a lesson about layers of security. All in all, the company described does a pretty good job, and is making even more improvements.

If you have an account with Fidelity Investments (including their 401k.com and NetBenefits properties), take a minute to update your password, then read on. This time the reason is beneficial, and not breach-related: Fidelity recently updated the password rules to allow a significantly stronger password. tl;dr: jump to the end for a few quick tips.

Whois David?


I have spent the better part of two decades in information technology and security, with roots in appdev support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. When not at work, I spend my time raising five rambunctious kids - twins age 14, a 13-year-old, and twins age 11. Amongst that, I am the Commander for a Wednesday night Awana club at my church, teaching some 60+ preschool through 6th grade kids. Follow @DSTX_Awana or Like FBC Dripping Springs Kids to see what is going on in our club.