UTOS 2009 Presentation Resources

On Friday, October 9th at 12:00 PM I will be speaking at the Utah Open Source Conference on how to put together a kit of security tools using open source software.  I discuss a fictional company that we work at and some of the things that we can put in place to help secure the environment and handle some of … Read More

New Open Source Project Created – Reconnoiter

Earlier this month I decided to take the scripts for username generation and roll them into an open source project.  There were a couple of reasons for doing so.  First, I needed source control hosting and SourceForge provides that for free as long as you release the project to the public.  Second, I want to expand the scope of it … Read More

Speaking at the 2009 Utah Open Source Conference

Last month I sent the Utah Open Source Conference a proposal for a presentation on “Building an Open Source Security Tool Set”.  Presentations are voted on by the registered attendees and the other folks who have submitted a presentation.  When I was making my votes, I saw that there were a lot of great abstracts.  In fact, there were a … Read More

Scripts to Generate Usernames

I’ve written a couple of posts about a script I wrote to generate usernames.  Since then I’ve written another script that uses Yahoo’s XML API and both of them have been included in SamuraiWTF.  It’s been pretty cool to see people try out something that I wrote and find it useful to them.  The scripts are still pretty rough and … Read More

Updated usernameGen.py

Mike Patterson on the Pauldotcom mailing list commented that he thought usernameGen.py could use handling for middle names.  The template that he suggested was of first initial, middle initial and last name.  I think he’s right.  Originally I had the script avoid middle names or initials, but I went back and added the format Mike requested. So here it is.  … Read More

Need usernames? Ask Google what LinkedIn has!

I wanted to do some testing on access controls to a SQL server recently, but I needed a decent password list and username list. Password lists are fairly straightforward to find and I used an excellent how-to from the Pauldotcom Podcast to create my password list. Next I needed a list of usernames. To be effective, it … Read More

Disable JavaScript in Acrobat Reader

There have been a few vulnerabilities lately with Adobe Acrobat Reader handling malicious JavaScript badly and this post is to show how to disable JavaScript in Acrobat Reader.  While disabling an entire piece of functionality seems a bit like overkill, there are a couple of reasons that you may want to do this. Adobe was kind of slow patching … Read More

CISSP Prep Group Forming

This is a bit different from what I’ve posted before.  I’m forming a group to prepare for the CISSP examination.  We will be conducting the sessions via Skype and using some other online resources for sharing information.  I expect to get started in late April or early May and it should last about 3 months. I am doing the planning … Read More

Do the Payment Card Industry Data Standards Reduce Cybercrime?

On March 31st the House of Representatives Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology held a hearing on the effectiveness of the PCI Data Security Standards.  Video and documents from the hearing are available here. The question of the day was whether or not PCI DSS actually prevented computer crime. I started watching it a bit late and … Read More

New look for the web site!

Tonight the new look for the website went live! Major thanks to Denise Smith for her work on the graphics.  Everything she’s done for the business has come out great looking.  I’m really excited to have this done.  I hope you all enjoy it as well.