It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.
You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.
But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.
Continue reading Do I have enough CISSP work experience?
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
Continue reading Recommended DD-WRT settings
I’ve talked before about the infamous Jeep hack, but there’s more to learn from it than just that cars are vulnerable. The way Charlie Miller and Chris Valasek hacked the Jeep has implications for any computer network.
Continue reading What you can learn about corporate networks from the Jeep hack
Aug 2016 update: Back in 2015, some kind of spam bot wormed its way into my site. I quickly cleaned it up, then decoded the attack and posted details here. Not long after, the spambot started directing traffic to this post, because it contains enough of the magic words, I guess. Only instead of serving up spam, it’s serving up my analysis. I’d rather you read this than spam, so I’ve left this page up.
On to the original post…
A few minutes ago I received an alert that some files had changed on my site (thanks to All-In-One WP Security). But I hadn’t changed anything and WordPress hadn’t updated itself.
Here’s what I found, and how I fixed it.
Continue reading Reversing some WordPress malware
I wasn’t surprised people were trying to hack my blog. What surprised me were how many people were trying to hack my blog–there was a time when I probably had more hacking-related traffic than I had reader-related traffic.
If you have a WordPress blog, you’re probably in a similar situation.
Continue reading Why someone would hack a WordPress account
I got the white screen again last week, but it was odd—it only happened if I tried to edit posts that were in draft or scheduled status. Already-published content would edit fine.
Clearing my cache helped temporarily, but the problem would come back as soon as I saved a post. I ended up doing two other things as well, and then the problem went away. I emptied my spam, which also greatly sped up the site, and I also deleted a mobile plugin that I was no longer using but was disabled. Disabled plugins can still affect behavior sometimes. Continue reading Fixing white screens when editing posts in draft in WordPress
Over the weekend I installed the All-in-One WP Security and Firewall plugin to fix another issue–more on that tomorrow–and I ended up breaking my site. Hopefully I fixed it to a better state than it started in.
The lesson, as with many security tools, is to proceed with caution.
Continue reading All-in-One WP Security and Firewall plugin can be spectacular, but be careful
Google is moving its corporate applications to the Internet. A year ago I would have said that’s the dumbest thing I ever heard. Today I’m not so sure.
Sticking stuff in the cloud is the popular answer to everything these days, and I just see the cloud as the new mainframe. It’s not a solution so much as a different take on the same problem, and while I see a couple of potential disadvantages, believe it or not I see some real advantages to the approach as well.
Continue reading Google’s migrating corporate apps to the cloud is less crazy than it sounds
Monthly patches and upgrades don’t always go well, but getting them down is increasingly critical, especially for applications like Flash, Reader, and the major web browsers. This week I called it “the new firewall.”
Twenty years ago, home users almost never bothered with firewalls. My first employer didn’t bother with them either. That changed in the late 1990s, when worms exploiting weaknesses in Microsoft software devastated the nascent Internet. Firewalls soon became commonplace, along with some unfortunate hyperbole that led some people to believe firewalls make you invisible and invincible, a myth that persists in some circles even today.
For this reason I’m a bit hesitant to declare anything a new firewall, but firewalls are necessary. So is protecting key software.
Continue reading The new firewall
Firewall maker Palo Alto Networks is sponsoring the Cyber-Security Canon, a sort of Hall of Fame of timeless, classic information security books.
I have to say I haven’t read every book on the list, by a long shot, but the books I have read that made the cut were, indeed, very good indeed. So I think I would be willing to recommend anything on this list without looking any further. Indeed, I probably need to buy a few of these books that I haven’t read and get reading myself.