• 24Mar

    Removable media: we all have them, probably several in different sizes. They’re invaluable for everyday administration tasks. Need to get network drivers onto that new machine you’re re-installing? Bringing one along when you have to patch a few machines that aren’t on the domain? Loading a Knoppix LiveCD onto one for resetting administrator passwords? We love flash drives, but we also know they make perfect vectors for malicious users. As with many kinds of technology, the more popular they become, the more lucrative it becomes to write malicious code that targets them.

  • 21Mar
    Author: ben Categories: IT Management, Ramblings Comments: 0

    This infographic from Focus claims that IT-related positions make up three of the top 10 “Best Jobs in America.” Systems engineers, IT project managers, and security consultants are ranked at number one, number five, and number eight, respectively. The graphic also indicates that 7 of the top 35 jobs are in the IT sector. Interestingly, there are only 13,000 security consultants, far fewer than the 200,000 IT business analysts or the nearly 800,000 software developers.

    Health care jobs also have a strong representation in the list. It’s a good time to be a security consultant working extensively in the health care sector. I’m excited that I regularly play the role of system engineer, project manager, and security consultant, often all in a single day.

    The data was gathered from cnnmoney.com, payscal.com, and the U.S. Bureau of Labor.

  • 19Mar
    Author: trent Categories: IT Management, Ramblings Comments: 0

    ULSAH Rough Cuts Cover

    We’re just a few weeks away from sending the latest edition of the Unix and Linux System Administration Handbook to press, and as of today you can get a preview online at the Safari site.

    This 20th anniversary edition brings the best of the Unix System Administration Handbook and the Linux System Administration Handbook together, and adds coverage of IBM AIX to updated coverage of Oracle America Solaris (formerly Sun Solaris), HP HP-UX, Ubuntu Linux, SUSE Linux, and Red Hat Linux. In addition, it includes significant all-new coverage of system administration scripting languages such as Python and Perl, as well as virtualization, green IT, and modern standards and compliance management challenges. This is the ultimate system administration bible.

    We’re very proud to have 4 Applied Trust staff members on the author team for this book (me, ned, ben, and terry). Look for the printed version in your favorite bookstore this June (or pre-order at Amazon now), but enjoy the Safari online preview in the meantime!

  • 18Mar
    Author: beth Categories: Infrastructure, Ramblings Comments: 1

    In case you haven’t heard, Google is offering to build an experimental network in a community with speeds up to 100 times faster than current Internet speeds, and at an affordable price. This new network is expected to radically change how communities access information and interact with the world.

    Boulder is one of many communities vying to be the lucky recipient of this experimental network. As a city known for its smart people, progressive policies, and high-tech companies, we are a great fit for a project like this. To capitalize on this, the City has stepped up efforts to get as many people as possible to vote, both by setting up a fan page on Facebook and by declaring this weekend “Boulder Fiber Weekend.” Although nominations are being accepted until March 26, the City is hoping to have everyone vote before midnight on March 21.

    This is an awesome opportunity for us to bring in more jobs, boost our local economy, and enhance communications across all sectors of our community. And, of course, having lightning-fast Internet speeds would be pretty sweet, too. So, what are you waiting for? Vote now!!

  • 18Mar
    Author: crossi Categories: Ramblings Comments: 0

    Ignite Boulder is one of those events that seems to fit right into the unique culture of this town. What is Ignite Boulder, you might ask? Well, let me sum it up in one word: entertaining. Ignite events are held all over the country, and the format is pretty simple. Presenters are chosen by the organizers and the attendees weeks before the event via online voting, and anyone can sign up to present. Each Ignite has a theme, such as Heart and Soul, and the presentations are supposed to have some connection to that theme. This is where it gets interesting. Each presentation is allowed only 5 minutes and 20 slides, and the slides auto-advance every 15 seconds. This leads to some very quick, generally enlightening, and almost always funny presentations.

  • 16Mar
    Author: beth Categories: Ramblings Comments: 0

    Did you know that in addition to the Barking Seal blog, Applied Trust also has a quarterly print newsletter called The Barking Seal that features entirely different content? If not, now is the time to check it out! The printed Barking Seal first debuted in 2005, with the goal of providing a trusted source of useful information about the IT security and infrastructure arena to our clients, supporters, and friends. Since then we’ve covered many hot topics in the industry, and our latest issue is no exception. The Q1 2010 issue includes a feature article about the importance of change management, as well as a secondary article about our recently being awarded PCI DSS QSA certification status. You can read the issue online here, and if you’d like to subscribe to the printed edition, you can sign up here. Happy reading!

  • 09Mar
    Author: zack Categories: Infrastructure, Security Comments: 0

    Confused Deputy
    One of the most interesting (in other words, “dangerous”) vulnerabilities that almost every existing web application falls victim to is cross-site request forgery (CSRF, pronounced “sea-surf”). CSRF is an attack in which unauthorized commands are transmitted on behalf of a user whom the website trusts. It is an example of the confused deputy problem. This differs from the widely known cross-site scripting (XSS): CSRF exploits the trust a site has in the user’s browser, whereas XSS exploits the trust a user has in a particular web site.

  • 04Mar
    Author: terry Categories: Security Comments: 0

    Frequently during the course of a security assessment, we get asked about social engineering. People want to know whether it is really worth the time it takes, and what the point is, anyway. Well, the bottom line is that the access an intruder can gain, either by physically walking into an office or data center, or by convincing an employee to click on a link or divulge information over the phone, can be one of the quickest routes to a data breach. In fact, according to the FBI data security survey in 2009, non-malicious insiders (folks who simply make mistakes such as the ones listed below) are a much bigger problem than malicious insiders: 16% of respondents reported that nearly all of their losses were due to these well-meaning insiders.
