Information Security

If you have been following my website, which you probably haven't since I don't update often enough to keep it interesting, but anyway; I started to go back to school to get my Bachelors of Science degree in 2011. When I started I knew that the B.S. should only be the beginning, after all, I had been in the technology industry and career field for 18 years. So my intent was to complete the B.S. and go directly into an advanced degree. When I completed the first degree 17 months later in 2013, I wasn't sure which direction to go.

This morning when I logged into my workstation, I found that one of my putty sessions to my AWS server had gone "inactive", I looked at the content of what was on the screen and I saw:

Broadcast message from root@ip-10-166-###-###
        (unknown) at 10:08 ...

The system is going down for reboot NOW!
Control-Alt-Delete pressed

Some of the interesting news articles in regards to Information Security this week, read more for details

• XSS vulnerability in Skype could allow 3rd party to change passwords
• Undersea communications cables are cut every 3 days
• Apple iOS 4.3.4 release & Jailbroken
• FBI Arrest 14 in relation Anonymous / PayPal case
• Internet Activist Aaron Swartz Charged in M.I.T. Data Theft
• Anonymous Claims Hack of NATO, Sends Warning to FBI
• BING DNS hijacked? SANS says it looks like it
• Three pizza chains ATMs hacked

Government Technology website has an article about an information security challenge:

Today has been a big day for news in the Information Security. The Department of Justice has the news on their own website regarding "Sixteen Individuals Arrested in the United States for Alleged Roles in Cyber Attacks More Than 35 Search Warrants Executed in United States, Five Arrests in Europe as Part of Ongoing Cyber Investigations"  

Today was day 4 of the GCIH course being taught by Mark Baggett. Things are going great and I'm learning stuff, I today we discussed SQL injection and cross site scripting.

Regarding prevention, the training it states to perform input checking and disallow/block the user from entering symbols or specials characters such the apostrophe (') or the semi-colon (;) or the percent (%), etc.

Martin McKeay has an article Write to learn, learn to progress where he talks about his history of blogging and how it has helped his career, this is a very good post with many good points. I've halfheartedly been blogging since 2004 and one thing I've realized is in order to be a good blogger and get "followers" you need to read other peoples blogs and contribute to ongoing "conversations".

So I was reading a post on the Emerging Threats signature mailing list and someone mentioned the SANS Internet Storm Center's 404 Project where your webserver sends information to SANS ISC whenever it receives a request for something that it can't answer, a 404 error.

Yesterday was the 2011 Cornerstones of Trust conference in Foster City, and we had a great turnout. There were 29 sponsor booths from various information security vendors. Four great tracks that were mostly full.

During one of the track session that I attended during the event was the Computer Incident Response Planning session presented by Neal McCarthy.

I am still seeing and hearing a fair amount of tweets and speculation about what the RSA Breach that was announced by Art Coviello, Executive Chairman, RSA.

There seems to be a lot of people worried about this particular breach stating that the RSA SecurID tokens have become "useless" or advocating that you request that RSA replace every one.