Banking via Twitter??

When I first saw this fly by on Twitter (ironic) I thought it was Rsnake joking around.  I followed his comment about it over to Vantage Credit Union’s web site and saw that sure enough, their customers can do limited banking via Twitter.  Before I go further, let me state this openly.  I like and [...]

Tags: , , ,

Filed under:Security

Reconnoiter featured on Pauldotcom Podcast

The last week was really busy while I prepared to do my presentation at the Utah Open Source Conference.  While I was engaged in this process I got a message from Larry Pesce of the Pauldotcom Podcast.  He had some updates to Reconnoiter and wanted to shoot them over to me.  He said that he [...]

Tags: , , , ,

Filed under:Security

UTOS 2009 Presentation Resources

On Friday October 9th at 12:00 PM I will be speaking at the Utah Open Source Conference on how to put together a kit of security tools using open source software.  I discuss a fictional company that we work at and some of the things that we can put in place to help secure the [...]

Tags: , , ,

Filed under:Security

New Open Source Project Created – Reconnoiter

Earlier this month I decided to take the scripts for username generation and roll them into an open source project.  There were a couple of reasons for doing so.  First, I needed source control hosting and SourceForge provides that for free as long as you release the project to the public.  Second, I want to [...]

Tags: , ,

Scripts to Generate Usernames

I’ve written a couple of posts about a script I wrote to generate usernames.  Since then I’ve written another script that uses Yahoo’s XML API and both of them have been included in SamuraiWTF.  It’s been pretty cool to see people try out something that I wrote and find it useful to them.  The scripts [...]

Tags: , ,

Filed under:Security

Updated usernameGen.py

Mike Patterson on the Pauldotcom mailing list commented that he thought usernameGen.py could use handling for middle names.  The template that he suggested was of first initial, middle initial and last name.  I think he’s right.  Originally I had the script avoid middle names or initials, but I went back and added the format Mike [...]

Tags: , ,

Filed under:Security

Need usernames? Ask Google what Linkedin has!

I wanted to do some testing on access controls to a SQL server recently, but I needed to a decent password list and username list. Password lists are fairly straight forward to find and I used an excellent how to from the Pauldotcom Podcast to create my password list. Next I needed a [...]

Tags: , ,

Filed under:Security

Disable JavaScript in Acrobat Reader

There have been a few vulnerabilities lately with Adobe Acrobat Reader handing malicious javascript badly and this post is to show how to disable javascript in Acrobat Reader.  While disabling an entire piece of functionality seems a bit like over kill, there are a couple of reasons that you may want to do this.

Adobe was [...]

Tags: ,

Filed under:Security

CISSP Prep Group Forming

This is a bit different from what I’ve posted before.  I’m forming a group to prepare for the CISSP examination.  We will be conducting the sessions via Skype and using some other online resources for sharing information.  I expect to get started in late April or early May and it should last about 3 months.
I [...]

Tags:

Filed under:Security

Do the Payment Card Industry Data Standards Reduce Cybercrime?

On March 31st the House of Representatives Subcomittee on Emerging Threats, Cybersecurity, and Science and Technology held a hearing on the effectiveness of the PCI Data Security Standards.  Video and documents from the hearing are available here. The question of the day was whether or not PCI DSS actually prevented computer crime.
I started watching it [...]

Tags: , ,

Filed under:Security