Tuesday, May 28, 2013

Privacy and Browsing: Does Google Know You Too Well?


Recently a colleague asked if I had any recommendations for maintaining some semblance of privacy when online. His specific concerns were web browsing, search, and email. In each of these cases, one or two well-known names have a reputation of knowing their users a little too well. How often do you see advertisements that seem to read your mind? Have you ever researched or purchased a product, only to see lots of advertisements for a related product or accessory?

Tuesday, May 14, 2013

How to crash a Windows shell

I typically write about things I have experienced, or topics of interest I have researched, but always something on which I have come to a conclusion. This week I am taking a different approach: document something I discovered, but for which getting to an answer goes beyond my skillset.

In July of 2010, I discovered a bug in Windows XP that allowed me to reliably crash a command shell. I reported the details to Microsoft's Security Response Center (any time you can force unexpected behavior in an application, there is at least a possibility that you can force your own arbitrary behavior). Microsoft's response was that while I was able to force cmd.exe to exit ungracefully, it did not indicate a security concern. That may well be true, but my curiosity brought it back to mind this week, and I was quite surprised to find that the bug still exists in Windows 7 with all current patches.

Tuesday, May 7, 2013

Being a “Paranoid” in a Social World

As the one responsible for LAN security in a major technology company, I am paid to be paranoid. As one that has been involved in security threat research for over a decade, I know there is good reason to be paranoid. In fact, I dealt first-hand with a case of credit card fraud a couple of months ago. Computer threats have evolved from pranks for attention a decade or two ago, to a major business that by one account is more lucrative than illegal drugs. At the same time, our lives are more Internet-connected (and accessible to bad guys) now than ever before – smartphones, tablets, game consoles, DVRs, home security systems, even household appliances and cars have network connections. A smartphone and a free app can become a credit card skimmer. Bots can troll Twitter to harvest phone numbers, bank card numbers, and phone PINs. One "vendor" even advertises a fraud service right in the open on Facebook.It’s enough to make a paranoid want to duck and cover, isn’t it?

Wednesday, May 1, 2013

Of Lemons and Prayer

One of my passions is leading an Awana club each Wednesday night. Awana is a Bible-based kids club that in our case is geared toward preschool through 6th grade students. We want to instill godly character in our kids through the gospel of Christ, Scripture memory, and Biblical lessons, all in a fun and exciting environment. Our core mission is to get as much of God’s Word as we can, as deep as we can, into the hearts of as many children as we can. One of the ways I make it fun is by injecting science experiments into the lessons I teach. Occasionally I document some of those lessons on my blog.

Most kids (adults too) have a variety of electronic devices. Cell phones, iPods, tablets, game systems, calculators, watches – all rely on battery power. Forget to charge the battery, and the device will not work. With many of these devices you may get a day or two out of them, but that’s about the limit. Once the battery dies, until it is recharged, the device is useful only as a paperweight!

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.