Thursday, November 27, 2014

Happy Thanksgiving!

Happy Thanksgiving from our family to yours!

Wednesday, November 26, 2014

Cheap Rolex Knockoffs from the Russians in Korea

Just in case it is not clear, the below is an explanation of a scam selling unauthorized replicas of high-end goods, not an offer to sell the same.

Just in time for Black Friday and Cyber Monday, I received a spam offering "Limited time ROLEX replicas and Louis Vuitton handbags" at unbeatable prices. These aren't run of the mill knock-offs, no. These are "High Quality Luxury Replicas That Are An EXACT Replica. Even a Jewler [sic] Can't Tell Our Replicas apart from the real thing." Wow, right? Who wouldn't want high class fake luxury to go along with the annual post-Thanksgiving ritual of waiting in line for hours to save a few bucks on a TV? And surely an email from [email protected] (dot) com suggests a legitimate retailer, right?

Friday, November 21, 2014

Password reuse: don't let lax security at one site give away all your accounts

Person thinking "password" between a bank and a musical note
Passwords are a hassle. In many cases though, they are the first line of defense against someone accessing your accounts without your permission. But passwords are a hassle, so why would you want to remember dozens or hundreds of individual passwords? Why not use the same username and password everywhere?

Unfortunately even with solid security practices a business or web site may be compromised. Mistakes happen. Previously unknown software flaws are discovered. Sophisticated new attack methods are invented. Sadly though, sophisticated hacks are not usually needed: not every website follows the best security practices. Some sites fail even the most basic of precautions. It would be a real shame to log into your favorite entertainment website only to have your password stolen and used to break into your bank account.

Wednesday, November 12, 2014

Layers of security - a look at Fidelity 401k.com

This started out as a story of lax security at one of the biggest providers of corporate retirement services. As I researched though, it has become a lesson about layers of security. All in all, the company described does a pretty good job, and is making even more improvements.

If you have an account with Fidelity Investments (including their 401k.com and NetBenefits properties), take a minute to update your password, then read on. This time the reason is beneficial, and not breach-related: Fidelity recently updated the password rules to allow a significantly stronger password. tl;dr: jump to the end for a few quick tips.

Friday, November 7, 2014

Tech Tip: search for formatting, instead of for specific text

Everybody needs a tractor with a bucket loader. Some just don't know it yet :-)
Ever discover a fantastic feature you didn’t know you needed, and now don’t know how you got along without? That’s a bit how I feel about the bucket loader on my tractor, but I digress. Quite by accident I came across a feature in Microsoft Office that could come in handy.

Have you ever needed to search through a document, looking for formatted text rather than a specific string? For instance, you want to find every underlined word, or every italicized word, rather than a particular word. Why would you want to do this? I can think of a few reasons. Perhaps you are a teacher writing up a study guide for students … if every answer is underlined, you might want an easy way to jump from answer to answer instead of scrolling through the guide with the mouse wheel. Perhaps you are a network technician working with implementation templates - a template may describe the commands to properly implement a change, and italicize the values that vary such as vlans and ports. Searching for italicized text would ensure you didn’t miss filling in a value.

Tuesday, November 4, 2014

Facebook now has a Tor site: oxymoron or not?

An onion
Facebook is well-known for using information about its users in sometimes-awkward ways. Privacy and Facebook (or for that matter, privacy and any social media network) are not usually associated with one another. So why was Facebook in the news recently for providing a Tor-enabled means to connect to the social media giant? Why would users go to the trouble of hiding their tracks through onion routing, only to connect with a service whose express purpose is to share personal information with others?

Before answering that question, let’s talk a little bit about Tor.

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.