Need usernames? Ask Google what Linkedin has!

I wanted to do some testing on access controls to a SQL server recently, but I needed a decent password list and username list. Password lists are fairly straightforward to find and I used an excellent how-to from the Pauldotcom Podcast to create my password list. Next I needed a list of usernames. To be effective, it … Read More

Disable JavaScript in Acrobat Reader

There have been a few vulnerabilities lately with Adobe Acrobat Reader handling malicious JavaScript badly and this post is to show how to disable JavaScript in Acrobat Reader. While disabling an entire piece of functionality seems a bit like overkill, there are a couple of reasons that you may want to do this. Adobe was kind of slow patching … Read More

CISSP Prep Group Forming

This is a bit different from what I’ve posted before.  I’m forming a group to prepare for the CISSP examination.  We will be conducting the sessions via Skype and using some other online resources for sharing information.  I expect to get started in late April or early May and it should last about 3 months. I am doing the planning … Read More

Do the Payment Card Industry Data Standards Reduce Cybercrime?

On March 31st the House of Representatives Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology held a hearing on the effectiveness of the PCI Data Security Standards. Video and documents from the hearing are available here. The question of the day was whether or not PCI DSS actually prevented computer crime. I started watching it a bit late and … Read More

New look for the web site!

Tonight the new look for the website went live! Major thanks to Denise Smith for her work on the graphics.  Everything she’s done for the business has come out great looking.  I’m really excited to have this done.  I hope you all enjoy it as well.

What was that email password again?

Last week I was migrating a client to a new computer and was preparing to configure Outlook. Their email account used POP3 and they didn’t remember their password anymore. I really didn’t want to call the email provider to reset the password, but I had to get this set up too. With a bit of hunting around, I configured the account … Read More

Malicious Software Spreading Through Social Networking Sites

There is an active attack occurring on a number of popular social networking sites, such as Facebook, MySpace, Friendster and others. Victims receive an invitation to view a video with a link attached to it. When they click on the link, a message is displayed which states that they need an update for Adobe Flash Player and offering to install … Read More

Signing SSL Certificate Requests

A while back I wrote a post on how to create a Certificate Authority on Linux, import the CA certificate into Active Directory and use it as an internal CA for your organization. Then I went silent for a while on the subject. Here is the follow-up on how to sign SSL certs. We are going to be generating … Read More

Using ‘script’ to record your session

This is something that I ran across recently and that I probably should have known about before.  I was doing some testing for an upcoming upgrade and was getting annoyed because I didn’t have a good way to go review the results.  I knew there had to be something out there for this though, so I did some digging. Turns … Read More

Create an SSL Certificate Authority on Linux and Use It in Windows AD

Here’s something that I have found useful at work. The company I work for full time uses SSL for its websites extensively. For our production systems, this means purchasing SSL certificates from a widely recognized Certificate Authority like Verisign or Thawte. But what about our development, QA and staging systems? It can get expensive when you’ve got 10 or 15 … Read More