WSANDERS.NET2008-12-03T23:55:29ZwsandersCopyright 2008, wsandersSPHPBLOGWhat We're Up Tohttp://www.wsanders.net/index.php?entry=entry081127-2217482008-11-28T00:00:00Z2008-11-28T00:00:00ZThe syntax of an ACE is relatively vertical-cheekyhttp://www.techfigure.com/2008/07/09/ho ... firewalls/
Somebody's been translating to babelfish and back again. Or else, the "security experts" have decided that they have to have their own version of broken English to obfuscate their documentation, lest we mortals understand it.]]>http://www.wsanders.net/index.php?entry=entry081022-1714382008-10-23T00:00:00Z2008-10-23T00:00:00ZThis is the Network Primeval, the maddening stalls and the lockups .... Bearded with cruft, and in blackouts wide, indistinct in the MIBs, Like outages of old, with I/O sad and pathetic.
I am finding these things at work all over the place in various desk drawers, file cabinets, dark corners of dusty places. If I find one actually operating ... well, I guess we'll just have to upgrade to thin-net. ]]>http://www.wsanders.net/index.php?entry=entry081018-1742312008-10-19T00:00:00Z2008-10-19T00:00:00ZWhat We're Up Tohttp://www.wsanders.net/index.php?entry=entry081017-1212312008-10-17T00:00:00Z2008-10-17T00:00:00ZCaptchas Make Me S0O0O0O0O0 Mad! This is like road rage, except your head explodes after trying to enter 10 different captchas with no success. Today's offender: cisco.com registration. Plus their password policy, which fails your registration successive times for not enough characters, not enough numbers, not enough punctuation marks, without actually telling you what the criteria are. Wonder how many registrants have their password set to C1sco!123 - ?
My better alternatives:
Recaptcha: Because you're helping the public good, and, like, saving trees and stuff. Asirra: Because kittens and puppies are CUTE! tppCaptcha: Because ASCII Art rules! (Although I don't know if it would be that effective if everyone used it.
]]>http://www.wsanders.net/index.php?entry=entry080927-1233422008-09-27T00:00:00Z2008-09-27T00:00:00ZWeather Offline UPDATE: Bought a new Linksys WRT54G2. $50 and works just like the old one, except that encryption actually works with the Powerbook G4 and the browser works with Firefox. We're a Cisco shop now, at home and at work.]]>http://www.wsanders.net/index.php?entry=entry080925-0825552008-09-25T00:00:00Z2008-09-25T00:00:00ZPlease Set Up Your Stupid Useless Security Questions "The first time you flew in an airplane, what was your destination?" "What year did you graduate from elementary school?" "What is your favorite fragrance?"
How am I supposed to remember all that crap? I can hear the notes being taped to the undersides of keyboards everywhere. Oh The Security!
Why not let me pick my OWN questions? USAA.com let me do that (those retired Brigadier Generals ought to know something about security) and even my lame HR site at work (which required me to set up such a complicated password that I have to write it down, and usually end up answering the secret questions and resetting it anyway.)
What's YOUR porn star name?]]>http://www.wsanders.net/index.php?entry=entry080916-2003192008-09-17T00:00:00Z2008-09-17T00:00:00ZWhy CMS Projects FailThis article pops up with a high rank in Google: http://opensourcecms.com/index.php?opti ... p;Itemid=1 along with a useful list of open source CMS products. It's OK but it doesn't mention the #1 reason for CMS project failure: Failure to allocate resources to maintain the content.
Example: In the early 90s I was (barely) involved in a municipal GIS project: Millions was spent on specialized GIS hardware (back when that stuff was REALLY expensive), software, and an initial database. But no one was hired to maintain the data. Within a couple of years the GIS was useless.
CMS's usually fail for the same reason. I can count the number of CMS's I've seen with years-out-of-date content on - well, four or five hands and counting. The moderation requirements and level of skill required to create content vary widely among CMSs. Plan accordingly.
FWIW We had great luck with Mediawiki. It requires no moderation, content can be created and edited by the most unskilled of users, the UI is familiar and exactly the same as Wikipedia, and the software defies all attempts to heavily customize it (that being a GOOD feature; the code is a giant hairball of PHP.) The only issue is lack of fine grained access control, but admins can lock pages, and you can throw up Basic HTTP Auth in front of it.]]>http://www.wsanders.net/index.php?entry=entry080911-1140512008-09-11T00:00:00Z2008-09-11T00:00:00ZThe Great Big Beautiful Wonderful Incredible Super Spectacular World of ZFS For example, setting up a mirrored filesystem with two disks is as simple as:
You can grow, shrink, take snaphots, thin provision, etc, etc, all for "free".
I'm late to the party, so others have created lots of blog entries before me, you can search for them. I'm hooked. ]]>http://www.wsanders.net/index.php?entry=entry080826-0948112008-08-26T00:00:00Z2008-08-26T00:00:00ZOld News: The 5 Best Kept Security Secrets 1. Most security holes hired experts find are well-known vulnerabilities with easily accessible patches. A lot has changed - you can send me ping of death packets all day long, and who runs telnet anymore?- but the 2008 update is that most common vulnerabilities are "social". Simply scamming credit card numbers from unsuspecting phishees is a multi-billion, worldwide business. Much less likely someone is going to decrypt your 1024 bit private key.
2. Contrary to common practice, scanning for vulnerabilities and patching holes is not good security. A tease in the original article, of course scanning for vulnerabilities and patching holes is not enough . Duh.
3. You can't find security breaches by looking for anomalies. 2008 summary: IDS sucks a lot less but still mostly just annoys users with false positives. This is improving as IDS gets better (slowly). Still, who cares about getting port scanned?
4. Hacker tools are essential for your arsenal. Yup. The more you know the better. Learn to code, for heaven's sake. Security "experts" who are really just script kiddies - well, I guess you have to start somewhere.
5. Key length is a near-meaningless measure of PKI. In 2000, 1024 bit RSA/Diffie-Hellman keys were just becoming the default. Now everybody has PKI, and a few even understand how it works. Your keys are going to get scammed (see #1) long before they get cracked.
One less clipping in the files ... ]]>http://www.wsanders.net/index.php?entry=entry080824-1540232008-08-24T00:00:00Z2008-08-24T00:00:00Z
This article pops up with a high rank in Google: http://opensourcecms.com/index.php?opti ... p;Itemid=1 along with a useful list of open source CMS products. It's OK but it doesn't mention the #1 reason for CMS project failure: Failure to allocate resources to maintain the content.