Ow, the other day I was infected by the the Vundo trojan. I believe the trojan came in through an infected webpage and attacked a Java vulnerability on my machine. During the cleanup, I installed a variety of anti-malware software, including Microsoft Windows Defender. Although I don't believe things can be 100% clean …

Update June 2 2015: FINALLY, Y'ALL! Looking Forward: Microsoft: Support for Secure Shell (SSH) I'm currently playing with Windows Server 2008 Core and I'm really at a loss trying to figure out why Microsoft seems to go out of its way not to adopt SSH. SSH seems like such an easy and straightforward answer to remote …

I found a pretty good Wordpress Security Whitepaper over at BlogSecurity.net. I followed most of the techniques, especially those that concerned protecting the wp-admin directory, since that's what got me hacked last time. Also, today, while installing 8 GB of RAM into my virtual server and after more than a decade of …

First and foremost, I'd like to wish netnerds.net a happy birthday! I'm 10! "NetNerds.net" turned 10 years old on October 22, 2007. I wanted to post that day but I got hacked and didn't want to post again until I fixed the problem. So how did I end up with the name netnerds.net? Well, I called my best friend …

Hai. I got hacked. brb.

If you've ever dealt with NTFS permissions in VBScript, you will no doubt appreciate just how easy PowerShell now makes it to manage access control lists. Basic examples in PowerShell books and around the 'net look something like this: $directory = "Test" $acl = Get-Acl $directory $accessrule = New-Object …

When creating a new Active Directory user from the command line in PowerShell, you will likely find yourself using Read-Host's -AsSecureString switch when entering the password. 1$password = Read-Host "Enter password" -AsSecureString Next, you'll probably look around the Internets for a few hours or so trying …

I work for a large company that uses Postini for Enterprise spam filtering and it does a fantastic job. It's actually famous for being one of the very few spam filter capable of blocking UCEs from the "Cajun Spam King" (No, Scelson doesn't sound very Cajun to me...). And in researching for this article, I …

Note from the future (2025): This post is from 2007. The TrueCrypt project was abruptly discontinued in 2014 and is no longer considered secure. The recommended and actively maintained successor is VeraCrypt, which is based on the original TrueCrypt code. Please use VeraCrypt for any new encryption needs. Just as I …

Today, as I received an email from CERT, I was reminded of the day in 2004 when it was announced that CERT merged with the US Government. I wondered what would change and even considered the possibility that red tape could turn the highly-respected CERT into something that people just didn't respect anymore. By the …