IT DefPat (Defense Patrol)

10.5

2012-01-09T17:48:00.001-05:00

@6
Sent on the Sprint® Now Network from my BlackBerry®

Updated: Tgt giant

2011-10-15T19:23:00.001-04:00

BEGIN:VCALENDAR
VERSION:2.0
PRODID://RESEARCH IN MOTION//BIS 3.0
METHOD:REQUEST
BEGIN:VEVENT
X-RIM-REVISION:0
X-MICROSOFT-CDO-BUSYSTATUS:BUSY
SUMMARY:Tgt giant
LOCATION:Pgp
CLASS:PUBLIC
ATTENDEE;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Itdefpat:MAILTO:itdefpat.cissp@
blogger.com
UID:XRIMCAL-829793187-1521477096-15989946
SEQUENCE:3
DTSTART:20111015T214500Z
DTEND:20111015T231500Z
DTSTAMP:20111015T232338Z
ORGANIZER:MAILTO:itdefpat@gmail.com
END:VEVENT
END:VCALENDAR

Shopping

2011-10-15T15:11:00.001-04:00

BEGIN:VCALENDAR
VERSION:2.0
PRODID://RESEARCH IN MOTION//BIS 3.0
METHOD:REQUEST
BEGIN:VEVENT
X-RIM-REVISION:0
X-MICROSOFT-CDO-BUSYSTATUS:BUSY
SUMMARY:Shopping
LOCATION:Gbt
CLASS:PUBLIC
ATTENDEE;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Itdefpat:MAILTO:itdefpat.cissp@
blogger.com
UID:XRIMCAL-829793187-1521477087-10007670
SEQUENCE:2
DTSTART:20111015T160000Z
DTEND:20111015T191500Z
DTSTAMP:20111015T191125Z
ORGANIZER:MAILTO:itdefpat@gmail.com
END:VEVENT
END:VCALENDAR

Updated: Rosh1

2011-09-28T17:10:00.001-04:00

BEGIN:VCALENDAR
VERSION:2.0
PRODID://RESEARCH IN MOTION//BIS 3.0
METHOD:REQUEST
BEGIN:VEVENT
X-RIM-REVISION:0
X-MICROSOFT-CDO-BUSYSTATUS:BUSY
SUMMARY:Rosh1
CLASS:PUBLIC
ATTENDEE;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Itdefpat:MAILTO:itdefpat.cissp@
blogger.com
UID:XRIMCAL-829793187-1945950034-1428840
SEQUENCE:3
DTSTART:20110928T230000Z
DTEND:20110929T224500Z
DTSTAMP:20110928T211014Z
ORGANIZER:MAILTO:itdefpat@gmail.com
BEGIN:VALARM
ACTION:DISPLAY
TRIGGER;VALUE=DURATION:-P00DT01H00M00S
END:VALARM
END:VEVENT
END:VCALENDAR

Updated: Kl nidre, yom kipr

2011-09-16T14:25:00.000-04:00

BEGIN:VCALENDAR
VERSION:2.0
PRODID://RESEARCH IN MOTION//BIS 3.0
METHOD:REQUEST
BEGIN:VEVENT
X-RIM-REVISION:0
X-MICROSOFT-CDO-BUSYSTATUS:BUSY
SUMMARY:Kl nidre\, yom kipr
CLASS:PUBLIC
ATTENDEE;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Itdefpat:MAILTO:itdefpat.cissp@
blogger.com
UID:XRIMCAL-829793187-1945950037-5910305
SEQUENCE:3
DTSTART:20111007T224000Z
DTEND:20111007T234000Z
DTSTAMP:20110916T182611Z
ORGANIZER:MAILTO:itdefpat@gmail.com
BEGIN:VALARM
ACTION:DISPLAY
TRIGGER;VALUE=DURATION:-P01W
END:VALARM
END:VEVENT
END:VCALENDAR

Rosh1

2011-09-16T14:24:00.001-04:00

BEGIN:VCALENDAR
VERSION:2.0
PRODID://RESEARCH IN MOTION//BIS 3.0
METHOD:REQUEST
BEGIN:VEVENT
X-RIM-REVISION:0
X-MICROSOFT-CDO-BUSYSTATUS:BUSY
SUMMARY:Rosh1
CLASS:PUBLIC
ATTENDEE;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=Itdefpat:MAILTO:itdefpat.cissp@
blogger.com
UID:XRIMCAL-829793187-1945950034-1428840
SEQUENCE:2
DTSTART:20110928T230000Z
DTEND:20110929T224500Z
DTSTAMP:20110916T182413Z
ORGANIZER:MAILTO:itdefpat@gmail.com
BEGIN:VALARM
ACTION:DISPLAY
TRIGGER;VALUE=DURATION:-P01W
END:VALARM
END:VEVENT
END:VCALENDAR

Fw: HOOTERS Celebrates National...

2011-07-29T12:22:00.000-04:00

------ SMS Text ------
From: 36832
Sent: Jul 29, 2011 12:22 PM
Subject: HOOTERS Celebrates National...

HOOTERS Celebrates National Chicken Wing Day!Buy 10 Wings Get 10 FREE TODAY 7/29@HOOTERS. Dine in only. www.Hooters.comTxt STOP to end .
Sent on the Sprint® Now Network from my BlackBerry®

Fw: WFTV Severe Weather

2011-06-18T08:03:00.000-04:00

------ SMS Text ------
From: 45995
Sent: Jun 17, 2011 6:51 PM
Subject: WFTV Severe Weather

WFTV Severe Weather
New Alert
Severe Thunderstorm warning in effect for Orange until 06/17/2011 19:45
Sent on the Sprint® Now Network from my BlackBerry®

newness

2009-06-09T13:05:00.001-04:00

Midway through 2009.
Looking for new job
(and wonder where the last year went)

Jobs

2009-04-21T19:38:00.001-04:00

tom.herald@lmco.com
Sent from my BlackBerry® wireless device
http://securitypro.infosecurity.name

In 330

2008-11-01T15:08:00.001-04:00

Sent from my BlackBerry® wireless device
http://securitypro.infosecurity.name

Fw:

2008-09-18T16:46:00.000-04:00

------Original Message------
From: Yahoo! Reminder
To: securitypro@sprint.blackberry.net
Sent: Sep 18, 2008 4:41 PM
Subject:

09 Spring Conference , 9/18/2008, 5:00 pm (geekmotu)

09 Spring Conference
Date: Thursday, September 18,
2008
Time: 5:00 pm, Eastern Daylight Time (GMT
-04:00, New York)
Meeting Number: 487 576 417

Meeting Password: (This meeting does not require a
password.)

Please click the link below to see more
information, or to join the meeting.

-------------------------------------------------------

To join the online meeting

-------------------------------------------------------

1. Go to
https://vitech.webex.com/vitech/j.php?ED=113550177&UID=0

2. Enter your name and email address.
3. Enter the
meeting password: (This meeting does not require a
password.)
4. Click "Join Now".

-------------------------------------------------------

% 0aTo join the teleconference only

-------------------------------------------------------

Call-in toll number (US/Canada): 1-650-429-3300

-------------------------------------------------------

For assistance

-------------------------------------------------------

1. Go to https://vitech.webex.com/vitech/mc
2. On the
left navigation bar, click "Support".

You can
contact me at:
psimpkins@vitechcorp.com

1-210-267-1152

To add this meeting to your calendar
program (for example Microsoft Outlook), click this
link:

https://vitech.webex.com/vitech/j.php?ED=113550177&UID=0&ICS=MI&LD=1&RD=2&ST=1&SHA2=yb363OnpfBbtinCvmfa07uj-fL/dnOPukanQK-NVxas=

The playback of UCF (Universal Communications Format)
rich media files requires appropriate players. To view
this type of rich media files in the meeting, please
check whether you have the play ers installed on your
computer by going to
https://vitech.webex.com/vitech/systemdiagnosis.php

http://www.webex.com/go/mcemfreetrial

http://www.webex.com
We've got to start meeting like
this(TM)

IMPORTANT NOTICE: This WebEx service
includes a feature that allows audio and any documents
and other materials exchanged or viewed during the
session to be recorded. By joining this session, you
automatically c

Sent from my BlackBerry® wireless device
http://securitypro.infosecurity.name

holiday wish list

2007-11-20T17:44:00.000-05:00

looking at Ars Technica Guide
http://arstechnica.com/guides/buyer/guide-200711.ars/3
and Maximum PC

MBD (ars)
Gigabyte GA-P35-DS3P, which has built-in gigabit Ethernet, Dolby 7.1 channel audio onboard, eight SATA connectors, one IDE connector, Firewire, support for up to eight USB 2.0 ports, two PCI-Express x16 slots (x16 and x4 electrical), three PCI-e x1 slots, and two PCI slots. Reports are that this board overclocks quite well, from the official 1333mhz maximum speed of the P35 chipset up to 1600mhz, 1800mhz, and higher.

CPU (ars)
As most consumer applications and games prefer high clock speeds rather than the two extra cores, the Core 2 Duo E6750's 2.66GHz clock speed, 1333MHz FSB, and 4MB of L2 cache is a better value than a Core 2 Quad in this situation.

RAM
2 - 4 GB, DDR2-800

VID
PNY Geforce 8800GT
RV670-based Radeon HD 3870 is an excellent,
nVidia's new G92-based Geforce 8800GT 512MB is slightly more expensive.
Slightly lower-end, the AMD Radeon HD 3850 is the new card of choice, outperforming all of its competition at the sub-$200 price point for the moment, including the Geforce 8600GTS and Radeon HD 2600XT.

Sound
Creative X-Fi XtremeGamer

HD - have
netwk - on board

Case
Antec Solo
Cases with 120mm fans and damped hard disk mounts are now easy to find, such as the Antec P182, Thermaltake Tsunami, Antec NSK6580, Antec NSK4480, Coolermaster Centurion 5, Lian-Li PC-V1000BPlus II

Power
premium 500W in current

Monitor
NEC 20WMGX2 20" LCD
24"?HP LP2465, Dell 2407WFP-HC, and BenQ FP241W. For those whose tastes run towards the traditional 4:3 aspect ratio rather than the 16:10 widescreens, the HP LP2065, Dell 2007FP, and Viewsonic VP2030b are excellent choices

Innovation

2007-10-04T12:24:00.000-04:00

Use current internet commodities in innovative ways to solve security issues

bit torrent - modify, enhance to allow transferral of highly sensitive/classified data. theoretically, this should allow the highest classified information to be freely transferred over open, black, public networks

copyright brett osborne 2005-2007
securitypro@infosecurity.name

Hold on

2007-10-03T23:26:00.000-04:00

Accroches-toi a ton reve

OMB, NIST, NSA, DoD Formalize Single Federal Desktop Configuration For Agencies Using Windows (21 September)

2007-09-26T16:16:00.000-04:00

FROM SANS NewsBites:

To formalize the methods to be used in implementing US government policy on buying "security baked in" more than 700 federal executives and business executives gathered at NIST to hear how to make it work. White House Cyber Czar Karen Evans, NSA's Vulnerability Chief Tony Sager, Gartner's Security VP John Pescatore, NIST ITL Director Cita Furlani, Office of the Director of National Intelligence's Security Chief Sherrill Nicely and DoD's top cyber strategist Michelle Iverson, Microsoft's Chase Carpenter and more than 15 commercial tools vendors provided guidance, tools, demonstrations of effectiveness of the new FDCC (Federal Desktop Core Configuration) and S-CAP (SecuritY Content Automation Process) initiatives.
-http://www.gcn.com/online/vol1_no1/45074-1.html
Where to find complete documentation:
[Editor's Note (Paller): Commercial companies like Apple, Intel, CA and HP are also supporting or architecting support into upcoming products (through their systems management platforms) the new S-CAP standard for automating vulnerability discovery and correction. Every large security company is building in S-CAP compliance (though a few are exaggerating when they say they already have it). Several Fortune 100 companies (and one Asian and two European governments) are finalizing strategies for taking advantage of the rapid patching and massive cost savings enabled by the FDCC. FDCC and SCAP are the best examples to date of the US government leading by example and large organizations are taking note. ]

OWASP

2007-09-20T14:22:00.000-04:00

online web app sec project

deperimeterizationistalism

2007-09-20T14:02:00.000-04:00

here is
http://danweber.blogspot.com/2007/09/about-firewalls-and-bonds.html
which is response to
http://blogs.zdnet.com/threatchaos/?p=479

Gosh do I have an opinion to this... I'll have to write it soon, wont I?

ISSA Officer meeting/telecon 19 Sept 2007

2007-09-19T12:21:00.000-04:00

See issa officer mtg 070919 pdf and agenda.pdf
the AT&T call announces when everyone enters - annoying
al should mute; all not put telecon on hold

1230 EST - 1400 EST
with Howard Schmidt

Intl Board:
transition to suppt company
develop better accuracy, better server membership
annual reports by end of week

?strategic direction for issa internationally?:
better support (9500 members); most chapters self contained, others in need of support - make available/callctr-email-online; member renewal, who are members; growing chapters-#s, content, infra for suppt
?get you to visit chapters?:
119 chapters, visited 25 so far. set up others, hi pri. Contact Lynn

Ralph Poore, awards chair
for comms and presidents (comm, pres must nominate)
can self nom for ch of year, or comm award, hall of fame, sec pro of year
via poorer@acm.org

dana baumgart chapter@issa.org for promotionals
or lynn trainer

success/lessons learned:
TX - combined events with ISACA, InfraGard for win-win
SAC - DR/BC groups ASP, full day table top with CA state oes - dr exercise with state, city
MN - with ASIS
NoVA sherry Voigt - purch sharepoint, all info shared, all activities, manage emails; not allowed for members, ofcr only, future (gen infor on website)
KC - reg conf, with HTCIA, ASIS, INfraGard. IIM course in advance.
CapTX - website, with counters. if we home grown, inconsistent - intl to lead
TELL ISSA IN ADVANCE

TREAS WKSHP
(#6)
7 - ACCOUntability, motivation, GOALS (speakers, meetings, dev money), concrete measurement of success, projecting cash flow;
budget needs to be discussed regularly
8 vendor/sponsor
general or specific (grow/dev, event)
9-12 mo ch disbursements
ACH+email or check+list
slide 11 shows reconciling
jun06-feb07 some distributions not flowing
PP is an option now (costs to intl)
renewal may not be going smoothly - should check list - some chapters are losing half of members
if lapsed, get snail mail
CC the president
dir dep better; sent last monday (19 by check)
15 Chapter filing - over $25k gross, form 990
new: 990-N if less than$25 - electronic "postcard" (>12/31/06) 15 may 08 for 2007
patl@issa.
TAxID form (SS4?)
ISSA is 501(c)3
are chapter articles of incorp at interntl: chapters dont - bylaws
dir & ofcr liability ins?

survey - 17+
2/3 monthly meet
cash reserves need improvement - what does it take to sustain for year?
depend on sponsorship or members?
sf-silicon-infrgard pool moneys
survive 6 mo with no income/no worries; add for outreach, events. took 3 yrs at sil val
most income from conferences, financial/income from sponors
how to manage - email kevin
along with templating of websites, email campaigns
pp button on local sites?
use issa banner on local?
can host/mail on interl issa! chapter@issa kevin.richards@issa
speaker sharing
past presidents are good to retain

to post in chapter officer section of site

poland in January - speaking oppoortunity

*

DR JOURNAL ORLANDO 2008

2007-09-18T12:58:00.001-04:00

WDW Coronado Mar30-Apr2

Attack of the Teenage Mutant Ninja Angelina

2007-09-18T11:38:00.000-04:00

13-year old virus escapes detection, ships with new PCs

NDSS Conferernce

2007-09-18T11:25:00.000-04:00

CFP until 9/21

PASSWORDS diceware

2007-09-11T14:24:00.000-04:00

This is basically a twist on traditional codebooks (1800s-early 1900s). Use dice to find codewords, join together into a long passphrase.

CON - lacks capitalization and special characters
Fix - add a two dice to select numeral/special from another grid (not bad), to insert in passphrase.

NOTE - only the wordlists should be electronic - this is a physical real world random entropy exercise. use of computing for randomness reduces effectiveness (computers only use pseudorandomness) unless you can access from a supercomputer or state lottery system maybe.

The Florida Department of Law Enforcement Presents: Operation Weblock

2007-09-10T22:13:00.001-04:00

The Florida Department of Law Enforcement has arranged several Free seminars that we thought that your ISSA members would be interested in. Please feel free to contact me for more information regarding these events, or simply forward the announcement on to your membership.Thank you for your continued support in securing Florida's cyber-infrastructure!

The Florida Department of Law Enforcement (FDLE) and SecureFlorida.org proudly announce the launch of Operation WebLock.

Operation WebLock is a FREE two-day seminar designed for the IT community, aimed at creating a stronger cyber infrastructure throughout Florida. Topics discussed will include incident response, combating anti-forensics, and coping with disasters.

Seminar sessions will feature expert presenters from Verizon, CyberTrust (now a division of Verizon), the FBI, FDLE, and the Florida Legislature. The seminars culminate in a simulated real-life tabletop exercise conducted by the University of Texas at San Antonio.

In addition to this impressive line-up, we are proud to announce, renowned author and journalist, Dan Verton as our keynote speaker for the event. Mr. Verton has also agreed to present a breakout session on cyber-terrorism.

Operation WebLock is being held at four venues throughout Florida in October. While the event is absolutely free to all who attend, you must pre-register, as seating is limited.

Tallahassee: October 8-9, 2007

Tampa: October 11-12, 2007

Jacksonville (Ponte Vedra): October 18-19, 2007

Ft. Lauderdale: October 22-23, 2007

You can find more details of Operation WebLock, and register for the event, by going to www.secureflorida.org

Fwd: Announcing a New 'Disaster Recovery Planning' Seminar in Orlando Featuring Jon Toigo

2007-09-10T22:05:00.001-04:00

Subject: Announcing a New 'Disaster Recovery Planning' Seminar in Orlando
Featuring Jon Toigo

>

>We're excited to present the *FREE* 'Best Practices: Disaster
>Recovery Planning' morning seminar in Orlando featuring the foremost
>expert on DR, Jon Toigo.
>
>SCARY FACTS ABOUT DISASTER RECOVERY

>Fact #1 - A company denied access to its data assets for longer
>than 72 hours is likely to be out of business within a year.

>Fact #2 - Fewer than 50% of organizations plan for disaster, and less than 50% of those actually test their plans.

>Fact #3 - Only 45% of companies are capable of recovering from a primary data center site failure within five hours.

>
>Read on to find out more about this FREE half-day seminar. There is limited seating for this exclusive, free half-day seminar. To apply for this event call Seminar Delegate Relations Manager Marc
>Petito at (781) 657-1569 or go to:http://go.techtarget.com/r/2116857/638217
>
>********************************************************************
>'Disaster Recovery Planning with Jon William Toigo'
>

>Where: JW Marriott Orlando, Grande Lakes, Orlando, FL
>When: Friday September 28 * 8:30 am - 11:55 am
>Cost: FREE!
>Who: This is a free seminar for IT professionals who are
> interested in disaster recovery
>Produced by: Compellent and TechTarget Custom Media
>
>Complete info and registration are available at:
>http://go.techtarget.com/r/2116858/638217
>
>Your registration includes: Free breakfast plus a chance to win a
>valuable prize!
>********************************************************************
>
>ABOUT THIS SEMINAR
>Noted storage and data recovery expert Jon William Toigo is the
>keynote speaker at this morning seminar. The author of several DR
>books and more than 1,000 articles on the subject, Toigo will help
>you assess your current DR plan and provide insights and advice on
>some new approaches to disaster recovery planning and data recovery.
>
>During the keynote presentation Toigo will discuss how natural
>disasters, regulatory compliance and publicized accounts of data loss
>and software/hardware flaws have made DR a primary concern for
>organizations everywhere.
>
>Toigo will then delve into the flaws of traditional DR plans and
>discuss more effective approaches to the issue through smarter policy
>and choosing the best technologies to suit your specific needs. Other
>topics covered include:
>
>-- How to "build in" resiliency instead of just "bolting on"
>-- High Availability and its place in DR
>-- Continuous Data Protection
>-- Application visibility and management
>-- Testing, testing, testing
>
>Following Jon Toigo, Compellent technology experts will present on
>thin replication technology and how it enables high availability to
>strengthen your overall DR plan. Lastly you will hear real world
>examples from peer presenters on how Compellent technology solutions
>allowed them to overcome the challenges facing you today.
>
>Plus, this free seminar includes breakfast, lunch and breaks where
>you can talk shop with other delegates -- your peers from some of the
>top companies in Orlando.
>
>Apply now to ensure your space is reserved. Call Seminar Delegate
>Relations Manager Marc Petito at (781) 657-1569 or go to:
>http://go.techtarget.com/r/2116859/638217
>
>** Please Note: Due to space constraints, all prospective attendees
>must apply prior to this event and receive confirmation from the
>event producer that the application was accepted and approved. No
>"walk-ups" please. Thanks for your understanding.
>
>
>
>
>
>
>___________________________________________________________________
>ABOUT THIS E-NEWSLETTER
>This e-newsletter is published by TechTarget, a targeted Web site
>from TechTarget, the most targeted IT media and events company.
>TechTarget offers magazines, Web sites, e-newsletters, Webcasts and
>conferences for enterprise IT professionals.
>
>Copyright 2007 TechTarget. All rights reserved.
>
>_____________________________________________________________________
>

MISTI INFOSECWORLD-08

2007-09-10T12:50:00.000-04:00

infoSec World Conference & Expo 2008
March 10-12, 2008, Orlando, FL
Optional Workshop(s): March 8,9,12,13 & 14
Expo Dates: March 10 & 11

Less than 30!

2007-09-10T12:49:00.001-04:00

days since my last blog.... jeesh!

SANS Orlando 07 (regional seminars)

QUANTUM R#G

2007-08-11T16:37:00.002-04:00

From our freinds at
Centre for Informatics and Computing, Ruđer Bošković Institute, Zagreb, Croatia

(HR is ISO code for "Herevastska Republic" - (Republika Hrvatska)

May 21??!?

2007-08-11T16:35:00.000-04:00

FORGIVE ME FOR MY TRANSGRESSIONS
ITS BEEN 82 DAYS SINCE MY LAST BLOG

Rogue "AV"

2007-05-21T13:19:00.000-04:00

Antivirus Solution is rougue

so is ExpertAntivirus:

http://www.411-spyware-remove.com/remove-expertantivirus/

Oh, Brother!

2007-05-16T10:34:00.000-04:00

About Point/Counterpoint betweek Marcus Ranum "Bruce You Ingnorant Slut" ( http://www.ranum.com/security/computer_security/editorials/point-counterpoint/ ) and Bruce Schneier ( http://www.schneier.com/essay-167.html ).

While the historical BigBrother (a la "1984) may not be reasonable, the arguments by the above dignitaries are less than convincing.

Yes - not necessarily one Big, probably many LittleBigBrother (ooo - Dustin Hoffman refernce anyone?)
Not necessarily better than Orwell's Big Brother
Now anyone can be a BigBrother to you (singly or collectively) - geeks with botnets, search engines, email services (and the combos).
One argued that your email isnt tied to your credit card isnt tied to your ISP isnt tied to your electric bill. But are they really that independant? Not so much anymore.
Also your grocery shopping IS tied your telephone. Maybe other shopping also. And they may be tied to banking and/or credit. Same goes for your utilities.

the PC (or the Mac if you cite the Superbowl XVIII* ad) was supposed to free us. But the internet came along and tied us together.

And maybe ties us up.

* i.e 1984's Superbowl

He He

2007-03-27T13:19:00.000-04:00

All your Base are belong to us
You have no chance to
survive make your time

ID

2007-03-22T09:15:00.000-04:00

new from http://freeyourid.com

works to OpenID for trans-internet authentication
redirect also

Amero's Defense

2007-01-14T15:44:00.000-05:00

Per FindLaw.com:

John F. Cocheo
Firm:	John F. Cocheo

Address:	111 Huntington St. New London, CT 06320-6621 Map & Directions

Phone:	(860) 536-1843

from my post @ norwich bulletin

2007-01-14T15:29:00.000-05:00

The only "expert" noted by the article is detective. Did the Defense bring their own?

During the time frame of the alleged offence, one only needs to go to any antivirus company list, bugtrack, microsoft technet security, or any of about 25 other sites that I use to show the state of windows (patches, SP, etc.) and malware in the wild. This is simple (very) forensic reconstruction.

Blame the teacher or Bill Gates?

2007-01-14T15:01:00.000-05:00

Link to BoingBoing about the case of teacher Amero.

I concur with BoingBoing (Xeni Jardin) comment and outlinks. major questions on the competency of the detective.

I've emailed the reporter in hopes to get full transcripts. Greg Smith at 425-4219 or gasmith@norwichbulletin.com

Also need to find defense lawyer.

Also emailed EFF. Will try to get Bruce Schneier's email/blog also.

cyber code law copyright book

2006-12-16T16:03:00.000-05:00

Book made available online

3 Ring circus

2006-09-25T21:12:00.000-04:00

3non-particpants: Outsiders
2on-the-inside: Members
1players: = Participants

The trick is getting people from ring 3 to ring 1. At least getting to ring 2 will provide fiscal stability. But ring 1 is the leadership and critical-mass

As to the org:
What day/time is most desirous?
1 mid-week (tuesday evening), 1-2 hours
2 Friday am, 1-2 hours
3 Friday half-day am (8-12)
4 Friday half-day pm (12-4)
5 Friday quitting-time (3-5/5+, meeting followed by dinner & people net/social)

What is most desired benefit of participating?
1 Getting Certified
2 Getting CPEs
3 Getting local experts
4 Getting info

If you need CISSP Cert prep, Jan 22-27 is CISSP prep week: are you interested?
1. Definitely!
2. Hmm.... if the boss OKs it.
3. Maybe
4. Not Likely

Any other questions?

Crypto everywhere

2006-08-26T22:55:00.000-04:00

The Reg reports: http://www.theregister.co.uk/2006/08/26/freenigma/
FreeEnigma
a crypto plugin for FF, usable with any web email!

http://www.freenigma.com/

(
since 'enigma' is noted, don't forget to visit and support THE HACK THAT WON THE WAR::::

BLETCHLY PARK http://bletchleypark.co.uk/
Codes and Ciphers http://www.codesandciphers.org.uk

)

SECURE ORLANDO

2006-08-17T09:16:00.000-04:00

SecureOrlando 2006

		October 5, 2006

AGENDA / REGISTER

(ISC)²^® and the Central Florida ISSA Chapter are pleased to present SecureOrlando 2006 to be held in Orlando, Florida, USA at Lockheed Martin Simulation Training & Support on October 5, 2006.

Mark your calendars now - you don't want to miss this outstanding seminar.

Today, security is acknowledged as an integral component of corporate success. (ISC)² SecureOrlando 2006 aims to assist information security professionals in preparing for the threats and issues they face today, as well as those that will come tomorrow.

Attend this conference and receive:

Top-notch information security sessions given by industry experts
Peer-networking opportunities
Discounts to (ISC)² products/services
Discounts on sponsor products/services

In addition, you will receive an (ISC)² backpack created for these unique conferences.

Advance your knowledge on emerging issues and get up-to-date on current trends and hot-button topics, come and join the Security Leadership Seminar!

Sessions include:

Compliance: SOX, HIPAA, GLBA, PCI
Raj Goel, CISSP, CTO, BrainLink International
Certification and Accreditation
Ray Potter, Director, Apex Assurance Group (formally Cisco Systems)
MILS
Dr. Ben Calloni, LMAeronautics
Risk Based Security Testing
Ali Pabrai, CEO, EC First, Compliance (also contributor to certification magazine)

Date: Thursday, October 5, 2006

For registration or inquiries, please contact
(ISC)² Americas:
Email: info@isc2.org;
Phone +1.866.462.4777,
Option #3

(ISC)² Members will earn 8 CPE Credits that will automatically
be credited

REGISTER TODAY

A Special Thanks to
CENTRAL FLORIDA ISSA CHAPTER for hosting this event

(ISC)2
1964 Gallows Rd Vienna , VA, 22182, USA

CITRIX CONFERENCE ORLANDO

2006-08-17T09:15:00.000-04:00



	Bring your networking and security colleagues to iForum 06 iForum Global 06 October 22-25, 2006 Have you been keeping iForum to yourself? Let your networking and security colleagues in on the secret. Put yourself in their shoes for a minute. Are your networking peers struggling with Web app performance and management? Do they have challenges extending secure remote access with existing VPN solutions? Is Web site performance limiting their business growth? Are your security peers concerned about critical business data loss—employee laptops being lost or stolen, attacks on Web applications for user or customer identities, and stolen or easily hacked user credentials? Bring them with you to iForum, where all of you will get solutions to these and other challenges. In-depth technical sessions include: Best Practices for Application Delivery—Selecting the Right Solution Building a Web Application Delivery Infrastructure—Understanding Citrix NetScaler How to Manage Application Performance Based on User Experience Solutions for Data Security—Protection of Intellectual Property Solutions for Workforce Continuity—The Overlooked Element of Disaster Recovery Planning Defeating Hacker Attacks with Citrix Application Firewall Spend time with Citrix technical pros in the largest Tech Lab ever. And if you really want to dig in, there are Hands-On Technical Workshops covering Citrix Web application delivery and SSL VPN solutions. When you register by September 1st, you'll save $100—and be entered into the Priority First drawing for a chance to win prizes. Plus, your networking and security colleagues will receive $200 off the regular conference fee using iForum code IFKW99 and entering your name as the referring attendee at the time of registration. So be a good friend: invite your colleagues to iForum to learn about the full range of access solutions available with the Citrix Access Platform. Register now!



	<>© 1999-2006 Citrix Systems, Inc. All rights reserved. Privacy Statement

Password Advice

2006-07-26T17:21:00.000-04:00

How to check that users are making passwords 10-20 A/a?

As noted above, this depends on the OS. For windows, the passflt and similar is probably the best way. This invokes a rule to require users to make passwords per the policy you establish (acceptable use policies). Some of the passflt and similar DLLs don't check for everything or can be buggy. Test to see if it does what you want acceptably and that it works in your environment.

For U/*/Linux, there are some variations by distribution. The parameters are similar as with Win, but configuration can vary.

Also, you only stated that you would be using UPPER and lower. Your policy should also include numbers and special characters (9@). Using only UPPER and lower characters (Aa) is extremely weaker than also including numbers and special. Unless your system will only allow Aa. If that is so, then 10 characters minimum is very deficient - you will need longer passwdds.

There are a couple ways to "verify" password. You could create a login script/login page that checks beyond what the passflt does. Another is to do periodic cracking (warning, get written permission), but this is tedious and problematic.

A couple of other points, password strength and length are only two parameters. password min. life (how soon can be changed) and max. life (longest) should also be considered. for example, if password is 8 long (even with aA9@ construct) max life should be around 30 days. But if passwd is 15 long, it could be used for 90 days. (these are simple examples - your mileage should vary). Other factors are how many fails, time between fails, timeout on fail or adminstrator needed on fail.

Also, how long is too long? There are studies that show paswd of around 14-18 is max the average brain can deal with. Teach users HOW to make good passwd - "I am the example of a master of information security" becomes the passwd 1@mAxm9l0f-MNFoSec for example. Also, you should determine if 10 is long enough for your environment (when other factors considered). The NSA had a study (by Trusted Systems?) that explained all these numbers very thoroughly as well as very simply (whew!).

Networks, Applications and Cisco

2006-07-13T10:03:00.000-04:00

There is a conundrum in networking indeed. The days when the network was the one thing that glued everything together seem to be passing. I have been in networks for over a decade. I think this is happenening for several reasons.

1. The Internet1.0. In the first era, everything became connected. So the LAN became less signficant. It was all about being online. The Internet becomes almost as ubiquitous as the telephone.

2. The "dot com bomb" - Internet value disappeared - and so did a lot of networker jobs. But the Internet is still ubiquitous and more so.

3. The security problem - the network allows all kinds of bad thing in and out. Having a network means getting a lot of extra stuff from third parties - intrusion detection, firewall, antivirus and so on.

4. WS, SOA and Web2.0. The still ubiquitous Internet becomes comoditized like telephones. The Application makes a comeback as Web Services. SOA "vritualizes" networks. Web2.0 puts functionality (bacK?) on the network. More than ever, it doesn't matter "what" the network is: the destination is the journey. The network is just the infrastructure. The value is in the applications.

And seen from a security viewpoint, this change (#4) is obvious. Hackers don't DoS routers and firewalls anymore. They want to get IN. They invent ways to get inside (e.g. phishing) to the applications and the data. "0wning" a router or a network is insignificant to them. The goal is the endpoint - hosts and applications.

I would guess that Cisco's application-orientation is because of the necessity to be part of the WS/Web2.0 wave. It is going where it feels the value is going. Microsoft did the same when it jumped on the Internet 1.0 (which it nearly missed). IBM doesn't make PCs anymore (which are comoditized; only the likes of Dell survive). It is probably still too early to project when Cisco will sell off its router business (just joking - or am I?). I'm not sure of Cisco's "telepresence" vision, nor how that will serve it's core business. But networking has changed in the last decade. It will continue to change and so will Cisco.

Dec doc mgt/sec conference

2006-06-30T18:10:00.000-04:00

Regulation, compliance, etc.[bko]
Sent via BlackBerry from Cingular Wireless

EMC + RSA

2006-06-30T07:49:00.000-04:00

and the lesson for today is:

Art Coviello, RSA CEO and President, said, “Information security threats are evolving from attacks on the network and the perimeter to attacks on the data itself. These attacks are designed to obtain information, intellectual property and other information that can be exploited for criminal gain. For this reason, security must be an integral part of the information infrastructure, transparently allowing authorized users to easily get access to information. . . . . .”

Full Spectrum Defenses

2006-06-24T17:58:00.000-04:00

Current IT Defenses Patrolling:

ZoneAlarm
Spybot S&D (incl resident agent)

Spyware Blaster (browser spyware protection/config) [www.javacoolsoftware.com]

Socketshield (drive-by hacking protection) [www.socketshield.com/ ]

Verification Engine (SSL validation) [http://www.comodogroup.com/]

'You got a better idea?!

Didn't I say we needed an ID law?

2006-06-14T10:27:00.000-04:00

JUST NOT THIS ONE!

(please, tell this is a dream; I will wake up....)

Nothing like the organizations that are losing/mishandling/inappropriately disclosing our ID info to make us prove that something bad is happening before they are at fault and have to do anything.

NO. its MY identity - I grant them a licence to use it, not the other way around!

Repeat after me. . . .

2006-06-13T14:48:00.000-04:00

Identity fraud, identity loss, identity misuse, . . . .

OK, it isn't really "theft" - you are you yourself and thou still. Its just that others are pretending to be one of more of yourselves. Maybe it could result in reputation theft or credit theft. ?

And all it take is google (as in, Johny I *ack *tuff)

Day 12

2006-06-12T12:00:00.000-04:00

Day 12 of Hurricane season. TS Alberto targeting us. NHC just issued Hurricane warnings for west coast of FL.

wonderful :(

DILBERT.COM

2006-06-12T11:56:00.000-04:00

Get your daily chuckle! Just don't tell your PHB.

NetNeutrality defeated by axis of internet evil

2006-06-11T17:38:00.000-04:00

Net Neutrality has lost in the House (as of this date; Senate appearance pending)

OK, so the telcos take over the terrestrial internet. What does the average netizen do? Do what Howard Stern did - get off the planet. Maybe we will see a counter-revolution of sorts - non-terrestrial, unregulated internet. Maybe Amazon-Google will buy into satellite internet. Or Intel-Microsoft will start up a north american WiMax internet. Doesn't the internet equalilze the little guy with the monopolies? As for me, I have satellite TV and satellite Radio, so if my incumbant monopolistic telco that just merged with (bought by) a former "infant" 'ringer' tries to squash my internet, phfltfft! I go galactic!

DNI activity on C&A revitalization

2006-06-11T10:55:00.000-04:00

Identity Royale

2006-06-11T10:54:00.000-04:00

from Digg

A Byte of Tid on C&A

2006-06-10T16:06:00.000-04:00

(OK, more that a TidByte...)
Hope that they pull this off. C&A (DoD) is a snapshot event, is tedious, based on spurious guidelines..... SANS has a good commentary also.

Identity (Dugg)

2006-06-10T13:32:00.000-04:00

Link back to DIGG article...

Author has good premise, Others, such as Schneier or Kern, have suggested as much (and have pointed to financial industry for solution). The device proposed would essentially be a "smart card". The banking industry is a logical choice - its is an independant yet highly regulated industry; ATMs and related POS devices are everywhere.

However the US banks

(1) reluctant to do such
(2) reluctant to push these smart cards despite the known benefit (with very few exceptions) (3) reluctancy might be because they would have to work with competitors (?); (4) haven't lost enough money (yet);
(5) haven't lost enough identities (yet - ~50 million so far 2006 - how much is enough?);
(6) public, politicians, etc. aren;'t pissed off enough about the millions of ID mishap/lost in banking industry (will VA episode be the straw?)

Ideas anyone?

Oh, forgot to add excellent idea by Entropy - legislate that you own your identity and license (my term) it to your bank, etc.!! You should be owner and controller of your own identity.

This also gets to Kern's and Cameron's discussions of what is and who owns identity (Cameron identity blog and Kern for network world or network computing magazine - I'll have to validate these external locations...)

Enterprise versus the Anonymizer?

2006-06-09T13:25:00.000-04:00

The above like is to Searchsecurity.com article "Blocking Web anonymizers in the enterprise" (Joel Dubin)

This article starts with a couple of errors. First, anonymizer is used not to hide the IP address, but to hide the user's identity (hence the term anonymous). Sometimes this may be the same. However, to hide IP address one would use a Proxy and/or NAT. It is possible that an anonymizer could also utilize proxy-like functions and/or NAT. In the case of unofficial anonymizers in the enterprise, this could be superfluous. The enterprise firewall/web proxy could already do that - at least to some extent. Also, in enterprise, perhaps we should create a "inverse anonymizer" scenario. This would really be a proxy for users to utilize in order to obfuscate that they are accessing a site in definance of enterprise policy and technical protections (the enterprise firewall/proxy would accept the "inverse proxy" and be unaware of real destination). The real protection for the enterprise winds up being the endpoint, not the network.

How to get Traffic

2006-06-04T23:10:00.000-04:00

Black hat agenda

2006-06-04T17:44:00.000-04:00

http://security-briefings.com/ published Black Hat agenda. Very interesting topics (duh!)

Web 2.0 - any better?

2006-06-03T23:24:00.000-04:00

And since I've been ranting about Web 2.0, "what is up with that?"

let me pick on one key of teh web 2.0 meme philosophics: "its about the data"
("Data is the Next Intel Inside" as O'reilly puts it:
http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html?page=1)

Using the above as a starting point, and looking at:
http://www.web2list.com/

how do sites like thinkfree, zilow, writely and ajax wirte protect data (or assist oneself to protect)?
is blogging enabling stalkers (e.g. dodgeball.com)
how can we protect (e.g. vox)

and maybe some mashism on securing one's data - "p2p as a suibstitute for pgp"

ooh ooh - time for the replay of SNL.. brain off!

IT@Cork, O'reilly and Web2.0

2006-06-03T22:46:00.000-04:00

I'll admit that initially I wondered how a meme like "web 2.0" could be trademarked.

On getting some background. Then I was a bit incredulous. Seemed like a reasonable position (CMP, O'reilly, et. al.). Intellectual property is quite ignored in the blogosphere; conferences for professional attendees probably should understan.

And the details of the backstory are quite well explained at Tim's blog. I don't see Tim's blog as self serving or blame adjusting. By his recollection, there seems to be enough blame to go around.

But I'vew seen a few posts in the blogosphere that are rather distrubing, some plain stupid. A lot of anarchy and mob mentality. Posts reacting like Tim had tried to trademark "Internet" (that was Al Gore, as I recall - isn't he trademarking "Global warming" now ;-0 ). These blogmobs should start out by checking historic facts, and maybe a trip to wikipedia (http://en.wikipedia.org/wiki/Intellectual_property). wikis are 'web 2.x' aren't they? I thought that we were freed from being leming-like (wasn't that the point of Apple's 1984 superbowl ad: no more 'Big Brother'?). Seems the blogosphere is like a gang of "Little Brothers". I wonder if any of them are using Macs? ( ;-o>

Has critical thinking been drowned in the sea of information we call the internet (a.k.a web, blogosphere,...)? Too much information, not enough thinking.

Or maybe the open source movement has (falsely?) left the impression that IPR has gone the way of ENIAC (http://en.wikipedia.org/wiki/Eniac)? Evin linux and mozilla are covered by IPR statements (also noted by Tim). Personally, I write professionally for IT industry magazines, and speak at similar conferences (Tim - wink, wink ;-) ) so I understand the need for IPR. Simply put, we should get credit for and be able to control what we concieve. When you grow something, especially something that one has an emotional tie to, it is only natural to be able to control it. Like "Web 3.0"*

If you don 't control, you have insecurity and anarchy.

'web 3.0', trademark ITDefPat 2006, no rights reserved.

EU/EC InfoSec

2006-06-01T13:52:00.000-04:00

From DarkReading/TechWeb

SOA sans jargon

2006-06-01T12:33:00.000-04:00

OK. its a lofty goal (ROTFL), but IMHO it probably needs 2b done. Like how many more "MAC"s do we need anyways (=>3 afaik)...

BEA :

SOA .... breaks it into six "domains" that are defined without jargon.
Three of the domains, which BEA labels as "business strategy and process,"
"costs and benefits," and "organization and governance," are basically business issues. The other three, "architecture," "building blocks" (i.e. services) and "projects and applications" are basically IT issues . . .

[ed: emphasis added] Sounds good...

(from SearchWebServices.com)

Top 10 Data Mgt . . . .

2006-05-31T11:52:00.000-04:00

From SearchCIO/Bitpipe (Pillar Data)

1. Central Policy-based controls
2. WAN Network Bandwidth Utilization
3. Security and Data Integrity
4. Remote Process Automation and Application Interfacing
5. Heterogeneous System Support
6. Point-in-Time vs. Continuous Replication
7. File Ownership Preservation
8. Open Files
9. Automation
10. Proof
&
11. Recovery Time

Top 20 Malware Protection Techniques...."

2006-05-31T11:39:00.000-04:00

From Bitpipe.com (BlueCoat)

1. Implement Host Integrity Checks
2. Limit Network Destinations
3. Limit Allowed Network Protocols for Clients
4. Limit Allowed Network Access for Applications
5. Control Application execution on Clients
6. Implement Data theft protection
7. Updates
8. Logs
9. Awareness
10. Continuous improvement

(11 - 20 at link above.... ;0

Its your internet - (Re)take control

2006-05-18T14:18:00.000-04:00

paste to your site
Take Back the Net -Secure Your Computer

More on the Value (devaluating) InfoSec Certs

2006-05-18T10:47:00.000-04:00

Let me start off with divulging that I am a CISSP as well as CISM. My viewpoint may be slightly biased as a result.

The first problem is that we must separate knowledge and experience. Training and education provide knowledge. They common way to evaluate knowledge is testing. This can be either or both knowledge testing as well as practical testing ("simulate doing it").

Doing, performing, being employed in a field and so on provide experience. The common way to evaluate experience is interviewing (someone), interviewing the someone’s past and present co-workers and superiors, reviewing someone's published works and resume.

Combining knowledge with experience results in expertise. The problem is that other "certifications" are not truly certifications - they only test, or the experience portion is insufficient. These should be called "qualifications" instead. But the CISSP (and others such as CISM) are not merely qualifications.

The CISSP (as well as other certifications) is NOT entirely "any other knowledge exam". This certification does test the subject's knowledge. It also tests someone's reasoning. The questions are not simply true-false - they require discerning the issues. Furthermore, the test (knowledge) is only a part of the certification. Someone must also provide evidence of experience (4 years, degree plus three years, etc.). Certification should show (and in the case of CISSP and CISM, does show) knowledge and practice.

Being a CISSP doesn't (as claimed by Mr. Herzog) qualify oneself to be the security manager of any topical area (areas of Body of Knowledge/Domain). The CISSP may not entirely qualify someone to work in a specific topical area. That should be agreed. What matters in this case is knowledge, specifically domain knowledge. My background is in networks and server engineering. I can secure systems and networks. But if I am asked, because I am a CISSP, to comment on or improve application security, my response (always) is "I don't do code". If that becomes a demand on my practice of information security, then I must get more knowledge. But that doesn't invalidate my CISSP or CISM certifications, let alone the certification(s) themselves.

We do need more than one type of Security pro. The CISSP is the standard. What we need beyond that is specializations based upon someone's knowledge base. One can be a credentialed lawyer, but are they a tax lawyer or a criminal lawyer. Likewise, one can be a security pro - such as a CISSP. But the security pro should go beyond to demonstrate their practice area.

Failure of Infosec?

2006-05-12T09:22:00.000-04:00

hmmm. I'd probably agree.

Devaluating the CISSP? College CISSP programs

2006-05-11T10:19:00.000-04:00

Yes, this is an interesting development. The experience is and should be the basis for certification. This is especially true for certifications like the CISSP. For the CISSP (and similar), this is crucial. The CISSP is so broad, that it could be difficult to be exposed to all the domains in an academic environment (at least normally). Note that the CISSP brings security to areas that may otherwise be categorized in other disciplines, like business management and operations. For example, disaster recovery is not always a security function in some businesses. Granting a CISSP, even provisionslly, is really precarious. But we should also note that St. Pete College is a junior/community college (I previousl lived in the area but did not attend SPC). This might be a good location for a cooperative between ISC and academia. There is a significant likelihood that the participants may be enrolled while working. In this case, it would be critical for a comprehensive work-study and/or internship program. The goal here is not really gaining certification, in my proposal. It is gaining experience. Certification must be the proverbial carrot. During the (presumably) four-years of academics there must be significant assigment and experience within the domains/body of knowlege. I would suggest that this could be difficult for a full-time academic student. And maybe it should be? Full-time, presumably day-time students wouldn't be available for real work experience at most typical jobs. Also, the academic staff would be just that - academic. What is needed is instruction by CISSPs (and CISMs, etc.) who are experienced and current with technologies and practices. That would be beneficial to the student, to industry and to the Security profession. Maybe full-time (day) students could engage. However, they would not, and should not gain experience credit until graduation. Summer internship wouldn't count either - 3 months is just not enough time to get started I'm not criticizing either (ISC)2 or SPC. A program of this nature is needed and beneficial. However, we must be sure that such a program retains its value to the apprentice as well as to the profession and certification.

Directory of all Web2.0 services

2006-05-07T14:25:00.000-04:00

From Oreilly Radar
http://radar.oreilly.com/archives/2006/04/web_20_directory.html

have your heard of these?

2006-05-07T14:09:00.000-04:00

new Nmap

2006-05-07T11:42:00.000-04:00

self elevate

2006-05-07T10:21:00.000-04:00

on elevating Power user to admin

Tips for emails for noobies

2006-05-06T15:55:00.000-04:00

Tips for emails for noobies

self-elevate

2006-05-06T14:25:00.000-04:00

dowload exploits

2006-05-06T14:21:00.000-04:00

DIGG IT

be sure to isolate recieving pc; A/V software might freeeek out when getting ;-)

Best free win sec tools

2006-05-06T14:14:00.000-04:00

sha-1 hash rev lookup

2006-05-06T12:23:00.000-04:00

DIGG IT
sha lookup COM

60 minutes to Intrusion detection

2006-05-06T12:12:00.000-04:00

passwd mgr

2006-05-06T12:00:00.000-04:00

CNet infosec podcasts

2006-05-06T10:32:00.000-04:00

comparison Lin-Win (web

2006-05-06T10:25:00.000-04:00

interesting graphics
DIGG IT

http://blogs.zdnet.com/threatchaos/index.php?p=311

WebApp FW

2006-05-06T10:14:00.000-04:00

Which WAF was that? there are too many WAFS (web application firewalls or wide area file systems?)

Spam control

2006-05-06T09:49:00.000-04:00

DIGG IT

from US-CERT - very basic info.

Crypto handbook

2006-05-06T09:34:00.000-04:00

DIGG IT: Handbook on applied crytpo

http://www.infosyssec.net/infosyssec/security/cry2.htm

Proxy

2006-05-05T21:59:00.000-04:00

free
DIGG (love? hate?) IT http://digg.com/security/Sitetunnel_bypasses_content_filters

Mixter's classic treatise!

2006-05-05T21:45:00.000-04:00

Protecting Against the Unknown
(thanks to Dancho for reminding me! See http://ddanchev.blogspot.com/2006/04/on-insecurities-of-internet_13.html)

DIGG IT!
http://digg.com/security/On_the_Insecurities_of_the_Internet_

Tutorial on how to hack SSL

2006-05-05T21:32:00.000-04:00

DIGG IT!
http://digg.com/security/How_to_decrypt_SSL_encrypted_traffic_using_a_man_in_the_middle_attack.
Too Cool

ALL about BOTS

2006-05-04T17:55:00.000-04:00

DIGG IT! bigtime

SSL Evading Trojans

2006-05-02T16:10:00.000-04:00

Dugg that!

SSL is bad

2006-05-02T16:08:00.000-04:00

Digg this - SSL Malware

Value Protection

2006-05-02T16:03:00.000-04:00

Very good discussion of InfoSec metrics
(digg this at http://digg.com/security/%28VP_%3D_%28N_%E2%80%93_E%29_N%29_The_Formula_for_Security )

Wikispaces

2006-04-27T13:48:00.000-04:00

added, linked to wiki (?)
[[wiki:itdefpat:home]]

Right Stuff

2006-04-21T09:08:00.000-04:00

Scott Crossfield, perhaps considered #2 of the "Right Stuff" test pilots of the 50s and 60s was killed in an apparent airplane accident. :-(

Enterprise InfoSec Architecture Model (Fred Cohen)

2006-04-20T11:49:00.000-04:00

(link to page; bypasses frames - use all.net to easily access rest of site)

Very comprehensive view of multiple elements of InfoSec Architectures - Business Risk, Tech Sec, Compliance, Governance.

And lots of pretty colors, too! [all rights as described at link]

Yahoo Publishing

2006-04-10T15:26:00.000-04:00

As see on http://tech.memeorandum.com/060410/p35#a060410p35

This entry linked to Wikispaces page (Security Architecture)

InfoSec Pro

2006-04-03T11:21:00.000-04:00

Security focus is always reliable.

Ethical Hacker - WEB Apps

2006-04-03T10:55:00.000-04:00

DIGG.com IT!

Good Bad and Ugly Powerpoint

2006-03-29T16:42:00.000-05:00

tips, from Digg

Top5 Net NoNo(NO!)s

2006-03-29T09:55:00.000-05:00

1. Ignoring network management tools
2. Inefficient wireless network design
3. Investing only in perimeter security
4. Underestimating the time it takes to build internal security
5. Throwing bandwidth at the problem

[per System Managment Pipleline]

knoppix essentials

2006-03-28T17:05:00.000-05:00

Probably should have just linked to the DIGG...

PDF formathttp://www.oreilly.com/catalog/knoppixhks/chapter/hack78.pdfand others...Migrate to a new Hard Drive http://www.oreilly.com/catalog/knoppixhks/chapter/hack61.pdfCreate an Emergency Router http://www.oreilly.com/catalog/knoppixhks/chapter/hack40.pdfInstall Knoppix as a Single-Boot System http://www.oreilly.com/catalog/knoppixhks/chapter/hack33.pdfFree Your CD to Make Knoppix Run Faster http://www.oreilly.com/catalog/knoppixhks/chapter/hack05.pdf [reply]

BUT, if you are faint of heart with *nix, go with Bart PE instead - win environment, win apps....

IT DefPat (Defense Patrol)

10.5

Updated: Tgt giant

Shopping

Updated: Rosh1

Updated: Kl nidre, yom kipr

Rosh1

Fw: HOOTERS Celebrates National...

Fw: WFTV Severe Weather

newness

Jobs

In 330

Fw:

holiday wish list

Innovation

Hold on

OMB, NIST, NSA, DoD Formalize Single Federal Desktop Configuration For Agencies Using Windows (21 September)

OWASP

deperimeterizationistalism

ISSA Officer meeting/telecon 19 Sept 2007

DR JOURNAL ORLANDO 2008

Attack of the Teenage Mutant Ninja Angelina

NDSS Conferernce

PASSWORDS diceware

The Florida Department of Law Enforcement Presents: Operation Weblock

Fwd: Announcing a New 'Disaster Recovery Planning' Seminar in Orlando Featuring Jon Toigo

MISTI INFOSECWORLD-08

Less than 30!

QUANTUM R#G

May 21??!?

Rogue "AV"

Oh, Brother!

He He

ID

Amero's Defense

from my post @ norwich bulletin

Blame the teacher or Bill Gates?

cyber code law copyright book

3 Ring circus

Crypto everywhere

SECURE ORLANDO

CITRIX CONFERENCE ORLANDO

Bring your networking and security colleagues to iForum 06iForum Global 06

October 22-25, 2006

Password Advice

Networks, Applications and Cisco

Dec doc mgt/sec conference

EMC + RSA

Full Spectrum Defenses

Didn't I say we needed an ID law?

Repeat after me. . . .

Day 12

DILBERT.COM

NetNeutrality defeated by axis of internet evil

DNI activity on C&A revitalization

Identity Royale

A Byte of Tid on C&A

Identity (Dugg)

Enterprise versus the Anonymizer?

How to get Traffic

Black hat agenda

Web 2.0 - any better?

IT@Cork, O'reilly and Web2.0

EU/EC InfoSec

SOA sans jargon

Top 10 Data Mgt . . . .

Top 20 Malware Protection Techniques...."

Its your internet - (Re)take control

More on the Value (devaluating) InfoSec Certs

Failure of Infosec?

Devaluating the CISSP? College CISSP programs

Directory of all Web2.0 services

have your heard of these?

new Nmap

self elevate

Tips for emails for noobies

self-elevate

dowload exploits

Best free win sec tools

sha-1 hash rev lookup

Bring your networking and security colleagues to iForum 06

iForum Global 06