The case of the fake 1935 Babe Ruth

Quick: Why is it easier to find a 1935 Goudey Babe Ruth on Ebay than the 1935 Goudey card featuring four of his former Yankee teammates, the less-than-immortal Red Rolfe, Johnny Allen, Jimmie DeShong, and Dixie Walker?

Because Red Rolfe was more likely to end up clothespinned onto bicycle spokes, right? Right?

That’s likely, but definitely not the only reason. Read more

Farquhar’s security New Year’s resolutions

As I mentioned in passing last week, I had a job interview at the end of the week. There was one question, near the end of the interview, that’s a fairly common question, but I wanted to record my answer to that question because I think it’s important.

The question: What do I see my next role being?

Fair question. I said I didn’t know for sure, but I knew what I have to do to find out. Read more

Things to do for your relatives’ computers this Christmas

I wish I’d posted this last week, since many of us see one set of relatives at Thanksgiving and a different set at Christmas (and perhaps New Year’s). Here are things you can do as preventative maintenance for relatives whose computers could use a little help. Read more

Farewell to a St. Louis Christmas tradition

I saw something sad in the papers this week: Macy’s is closing its downtown St. Louis store, the former flagship Famous-Barr (or Famous and Barr, if you’re old enough) store.

And that means this past Christmas was the last Christmas for the American Flyer storefront Christmas layout. Read more

Happy 30th birthday, C-64

To celebrate the 30th anniversary of the Commodore 64’s release, PC World–a magazine published by the same company that once published RUN, a magazine dedicated to the C-64 and other Commodore 8-bit computers–had someone try to use a 64 for a week.

Not surprisingly, they found the 30-year-old computer not up to 2012’s demands.
Read more

How to study for CISSP

How to study for CISSP

I got the letter this week. The one from (ISC)². If the first word is “congratulations,” it means you passed. But if the first two words are “thank you,” you didn’t. If you want the letter that says “congratulations” in your future, it helps to know how to study for CISSP. Here’s how I studied for mine. Hopefully it will help you. It’s a long road. But it’s doable.

Read more

Amazon’s new Kindles look like rising stars

I’m a couple of days late and for that I apologize (I’ve been on the road), but this week Amazon released its anticipated Kindle tablet and snuck out a couple of new e-readers.

The tablet–7 inches, a faster-than-rumored 1 GHz dual-core CPU, priced at $199, and dubbed the Kindle Fire–seems to be an immediate hit, with 95,000 pre-orders in its first day. Amazon is selling each tablet at about a $10 loss, which it should easily make up by selling digital content.

Read more

The St. Louis tornadoes of 2010

I don’t normally post stuff like this, as weather posts are usually mundane. Today was a little different. We had tornadoes touch down in the St. Louis area today.

At about noon, we took cover in our basement. By 12:10, it was over. Sometime while the wind was raging and the sirens were going off, a crazy UPS driver dropped off some packages for delivery. The packages stayed put during the scare. Some areas to the north weren’t as lucky. Sunset Hills sustained 150 MPH winds.

Read more

Don’t use Internet Explorer this Christmas

In case you haven’t heard elsewhere, there’s a nifty unpatched vulnerability for Internet Explorer floating around. And it’s actively being exploited. Metasploit, an exploit toolkit used by penetration testers and script kiddies alike, is able to detect and utilize it.

Under these circumstances, Microsoft has been known to rush out a patch before the next scheduled Patch Tuesday, but the Christmas and New Year’s holidays will obviously slow things down.

In the meantime, installing Firefox and/or Chrome is prudent. I have and use both, since, to my knowledge, there hasn’t been a time yet when both of the two most popular alternative browsers had unpatched exploits in the wild.

The solution to paper passwords

I know your passwords are either written down or insecure. I know it just as surely as I know New Year’s Day is January 1.

I know because passwords have to be incredibly complex to be secure, and I know because the typical person has to juggle half a dozen of them, or more. Think about it. Your work account. Amazon. Ebay. Paypal. Facebook. Your bank. Your personal e-mail. Your credit card. Your online billpay service.

I know you’re not going to memorize a half dozen gibberish passwords that look like 5E%c2.3730pK$0/.

So you have them written down somewhere, which is OK, or you have them all set to the same thing (hopefully not “popcorn”), which isn’t OK. Even if you’re using 5E%c2.3730pK$0/ as your password.

A secured piece of paper works fine until you lose it, or you’re out somewhere and don’t have it.

The solution is a product called Lastpass. Software legend Steve Gibson talked about it at great length at http://www.grc.com/sn/sn-256.htm.

Basically it’s a program, which can run standalone or as a browser plug-in, that stores passwords securely. It mathematically slices and dices the data so that all that’s stored on LastPass’ servers is undecodable gibberish, but, given your e-mail address, your password, and a printable grid you can keep in your wallet, you can decode your password database from any computer, anywhere you happen to be.

There’s a lot of nasty math involved in cryptography, and I won’t pretend it’s my best subject. Gibson goes a lot further into the details than I want to get into. As someone who knows enough about cryptography to get CompTIA Security+ certification, and someone who’s read the official CISSP book chapter on cryptography twice, it sounds good to me.

An additional feature is the ability to store things you need rarely, but when you need them, you need them desperately. Things like your credit card numbers, driver’s license number, and your kids’ social security numbers.

There’s a free version of Lastpass, and a premium version that works on mobile phones and mobile software like Portable Firefox, which costs $12 per year.

The free version runs on Windows, Mac OS X, and Linux, which covers more than 99% of the computers out there today. And it runs in every major browser.

When you go to run Lastpass, it will import your stored passwords from your web browser(s). And it will give you a rating, based on how secure your passwords are and how often you re-use them. It will generate secure, random gibberish passwords for you and help you visit sites and change your passwords. Along the way it grades you, helping you to increase your security.

It can synchronize too. So if something happens and I have to change my Amazon password and I’m at work, my wife gets the changes, so if she needs to get into Amazon, she doesn’t have to do anything different.

It makes good security an awful lot less painful. I can pretty much say, without reservation, knowing nothing about you except that you use a computer, that you need this.

WordPress Appliance - Powered by TurnKey Linux