Best pfSense hardware

The best pfSense hardware is rather subjective. I think the ideal pfSense box should deliver solid performance while being affordable.


CISSP continuing education

Besides work experience, I probably get more questions about CISSP continuing education than anything else CISSP-related. Fortunately, keeping your CISSP can be a lot cheaper and easier than getting it in the first place was.

CISSP continuing education is measured in CPEs. You get one CPE per hour of “study.” Study is a pretty loose term. If you’re learning about security, you can probably find a way to make it count. You need to get 40 CPEs per year.


Did Microsoft steal DOS from CP/M?


Did Microsoft steal DOS from CP/M? There’s $100,000 in it for you if you can prove they did.

Digital forensics consultant Bob Zeidman still says no. I’ve written about him before. But the rumors persist, hence the reward. So how would one go about claiming it?

Start with what we know.


Cyber security podcasts I listen to

Yesterday, after reading a post in which I cautioned about a popular security podcast, someone asked me what cyber security podcasts I do listen to. I wrote this up a long time ago and never posted it for some reason, so now I’m correcting the oversight. Here’s my collection of the best of the best security podcasts.

These are the security podcasts I’ve been listening to for several years now and continue to recommend. Security podcasts are a good way to keep in touch with current issues, and also a good way to get continuing education.


High side vs low side


The other day I heard a reference to the “high side vs low side” of a computer system in a podcast, and the speaker didn’t stop to clarify. Worse yet is when you hear “on the low side” or “on the high side.” I came from the private sector into government contracting myself. I wasn’t born knowing this jargon either, so I’ll explain it.


Use F.lux to help yourself sleep better

I was listening to a podcast when the talk went off on a tangent, to a utility called F.lux. Whoever was talking made it sound like it was just for one platform, so I went looking for an alternative for Windows, given that merely 90.53% of us use it. The answer was F.lux! F.lux is also available for Linux, for what it’s worth. So I downloaded it.

The concept is simple. The lighting on our screens can interfere with our sleep patterns, so F.lux adjusts the screen based on what time it is, so that it interferes less.


How to disarm a scammer

Buried unfortunately deep in August’s Social Engineer podcast was some outstanding advice from British TV star R. Paul Wilson, who turned scamming into prime-time BBC TV for several seasons.

Wilson, who literally has sold someone a bridge that he of course didn’t own, has lots of experience on both sides of scamming, so his experience is invaluable. I was just disappointed that we had to listen to 45 minutes of Christopher Hadnagy and David Kennedy arguing before we could hear it, so I’ll cut through the garbage.


Droidpocalypse? Josh Drake says no.

Josh Drake, the researcher who discovered the Stagefright vulnerability in Android that lets an attacker hack into an Android device by sending a specially crafted picture or video in a text message, was on the Risky Business security podcast this week to talk about it. What he had to say was interesting.

Patrick Gray, the host, tends to be a pretty outspoken critic of Android and isn’t shy about talking up Apple. He tried to get Drake to say Android is a trainwreck, security-wise, but Drake wouldn’t say it. Drake actually went as far as to say he thinks Android and iOS are fairly close, security-wise.

So why do we see so many more Android bugs? Drake had an answer.


Stunt Hacking: Why Charlie Miller hacked a Jeep driving on I-64

St. Louis-based security researcher Charlie Miller and his collaborator Chris Valasek got themselves in the news this week by hacking a Jeep driven by Wired journalist Andy Greenberg on I-64.

The reaction was mixed, but one common theme was, why I-64, where lives could have been at risk, rather than an abandoned parking lot?

I don’t know Miller or Valasek, so it goes without saying I don’t speak for either one of them, but I think I have a pretty good idea why they did it that way.


Work-life integration vs. work-life balance

I wanted to bring up another subtopic from Dr. Ellen Langer’s interview on the Social Engineer podcast: work-life integration. It’s important to consider work-life integration vs. work-life balance.

Dr. Langer stated that work-life balance is inherently unhealthy, because the idea creates a notion that you have to be one person at home and a completely different person at work. She didn’t put it this bluntly, but essentially it means living a lie at least part of the time. She did say nobody should want to live life like that.
