Busted at the Safeway for phone phreaking

Software developer, author, and blogger Jeff Atwood wrote his confessions of the 1980s this week. As a teenager and not-quite-adult, he was a phone phreaker.

More of this went on than anyone wants to admit. Rob O’Hara has podcasted about it.

Don’t let what happened to Mat Honan happen to you

Technology journalist Mat Honan infamously had his entire digital life hacked and erased this week. Slate published some advice to keep the same from happening to you, and my former classmate and newspaper staff mate Theo Hahn asked me to comment.

Should you remove all rights from disabled accounts?

I recently had a task: Find an industry best practice that says you need to remove all rights or permissions or groups from the account of a former employee, rather than just disabling the account.

There was only one problem. I could find no such thing. None. Nothing. In fact, I expect this blog entry to rocket to the top of the Google search results for just such a thing, because no such guidance exists. The question is, will anyone else ever search for such a thing?

A data classification study question

I was in a meeting last week where two CISSPs were battling wits, and one challenged the other with a question. I elbowed my boss and said that’s a great CISSP or CISM study question. He agreed. So I’ll repeat it here, with explanation.

How to give a computer or hard drive away more securely

If you want to give away a computer, it’s best to securely erase the hard drive first in order to prevent someone from recovering sensitive data from it after it leaves your hands.

The problem with this advice is the lack of a comfortable, familiar way to do it.

But I found one. It’s called Privazer.

Did I violate my code of ethics?

The CISSP exam (and any other (ISC)² exam) asks a few ethical questions. This question isn’t quite clear-cut enough for the test, I don’t think. But if you’re wondering what the test is like, this actually isn’t a bad thing to work through. My ethical questions on the test were more clear-cut than this, but the security questions weren’t.

Some lessons from cracking the compromised LinkedIn password database

Here’s a blow-by-blow account of a security researcher’s attempts to crack the compromised LinkedIn database. This is a very good example of ethical hacking.

One road to the CISSP: Do SSCP first

As my crazy week wound down, I had a number of visitors, including someone who’s been on the fence about taking the CISSP. She wanted some advice. The (ISC)² Code of Ethics says to give generously of such things when asked, so we talked for about 30 minutes.

Bargain potential for AMD Socket FM1s

Anandtech has an interesting overview of building HTPCs using AMD’s dead-end Socket FM1. I think it has interesting implications for anyplace you’re looking for value, not just in HTPC applications.

Yes, it’s a dead end, because Socket FM1 will be going away in favor of Socket FM2 in the coming months. But that’s one reason why there’s value potential here.

Change your LinkedIn password now

If you use the professional social networking site LinkedIn–which I recommend, albeit now with caveats–you need to be aware that someone stole at least part of its passwords database and leaked it onto the Web. You should assume your password is among the stolen passwords and change it.