Job hunting on your own vs. using a recruiter

A former coworker contacted me last week. He’d been employed in the same place for the last 16 or 17 years and he couldn’t remember how to look for a job. Who better to ask than a guy who’s changed jobs 9 times in the same timeframe? One obvious question to ask regards job hunting on your own vs. using a recruiter.

In fairness to myself, government contracting causes a lot of job-hopping. And in fairness to him, the game’s changed a lot since the last time he had to play. IT recruiters existed back then, but when you wanted a new job, you found it yourself.

I still use both methods.

Double-check your security with Qualys Browser Check

In the past, I’ve recommended Secunia PSI as a way to keep your systems up to date. I know from my own experience that it helps, but I also know it doesn’t work 100 percent of the time.

When it comes to security, nothing is more critical than making sure your updates are applying correctly. That’s where my employer comes in, with Qualys Browser Check.

Why domain squatting works

I lost an afternoon troubleshooting a Websense non-issue. A web site related to Salesforce wasn’t working, and any time something like that happens, Websense goes on trial. About all I can do is make sure it’s a fair trial. Such is the life of a proxy administrator. And in this case, Websense was innocent–the guilty party was a dirty, no-good domain squatter. It’s a business model. And people wouldn’t do it if it didn’t work. Here’s why domain squatting works.

All about the Lionel LW transformer

The Lionel LW Trainmaster is a 125 watt transformer that Lionel produced from 1955 to 1966. They are reasonably durable and Lionel made them for a long time. That means you can find them easily on the secondary market. They can be expensive if they have their original box and paperwork. But if you just want to run a train and don’t care about the paper, you can get a serviced LW for $50-$60, and an as-is one for under $40. At 125 watts, it’s the most powerful single-handle transformer of the postwar era.

The LW is a quirky transformer, so there are some things about it you need to be aware of if you have other Lionel transformers, but as long as you keep those in mind, it’s a fine transformer that will serve you well. The quirks have nothing at all to do with reliability. Lionel just designed its layout a bit differently than many of their other models. In some ways it’s the ideal accessory transformer. We’ll cover that later.

One thing to keep in mind: Unplug the LW when you’re not using it. It doesn’t have its own power switch. I plug my transformers into a power strip and turn all of them on and off with the strip’s on/off switch.

All about the Lionel 1033

The Lionel Multi-control 1033 is a 90 watt transformer produced from 1948 to 1956. They are reasonably durable and were popular in their day, which means there are still a lot of them floating around so they tend to be inexpensive. I paid $70 for one about 15 years ago but the price has come way down; today you can get a serviced 1033 for about half that, and an as-is one for $20-$25.

Even someone who has a larger transformer or multiple larger transformers for the layout might be interested in a 1033 for the test bench, as it has all of the functionality someone would need for testing locomotives and whistling tenders.

Lenovo and Best Buy team up for a $149 laptop this year

Cheap laptops are nothing new this time of year–they’ve been practically a holiday tradition since 2002 when Sotec released a decent laptop for $900, which was jaw-droppingly low for the time–but this year, Best Buy is selling a Lenovo Ideapad 100s for $149.99, which, while not jaw-droppingly low given the number of $199 laptops that were available last year, is still the cheapest name-brand laptop I’ve seen. Note: Best Buy has since raised the price to $199, but Ebay has limited stock of the same item for $129.

I’ve seen some reviews, but there is one thing I haven’t seen anyone bring up yet: This is a netbook in every way, except I think we’re supposed to call them cloudbooks now. So keep that in mind. The machine is probably worth $149.99, but it made some compromises to reach that price point.

The problem with ditching Flash and Java

Last week Adobe issued an out-of-band Flash patch, and once again Brian Krebs urged people to ditch Flash, noting that he’s done so and hasn’t missed it.

We decided to try ditching Flash at work a few months ago, but it didn’t go quite so smoothly for us. I thought I’d share my experience.

The workstation events you want to be logging in Splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SIEM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.

Reversing some WordPress malware

Aug 2016 update: Back in 2015, some kind of spam bot wormed its way into my site. I quickly cleaned it up, then decoded the attack and posted details here. Not long after, the spambot started directing traffic to this post, because it contains enough of the magic words, I guess. Only instead of serving up spam, it’s serving up my analysis. I’d rather you read this than spam, so I’ve left this page up.

On to the original post…

A few minutes ago I received an alert that some files had changed on my site (thanks to All-In-One WP Security). But I hadn’t changed anything and WordPress hadn’t updated itself.

Here’s what I found, and how I fixed it.
