WordPress Security Whitepaper and a Random Tip
I found a pretty good WordPress Security Whitepaper over at BlogSecurity.net. I followed most of the techniques, especially those that concerned protecting the wp-admin directory, since that's what got me hacked last time. Also, today, while installing 8 GB of RAM into my virtual server and after more than a decade of …
All Sorts of Stuff
First and foremost, I'd like to wish netnerds.net a happy birthday! I'm 10! "NetNerds.net" turned 10 years old on October 22, 2007. I wanted to post that day but I got hacked and didn't want to post again until I fixed the problem. So how did I end up with the name netnerds.net? Well, I called my best friend …
Hai. I got hacked. brb.
PowerShell: Set-Acl Does Not Appear to Work
If you've ever dealt with NTFS permissions in VBScript, you will no doubt appreciate just how easy PowerShell now makes it to manage access control lists. Basic examples in PowerShell books and around the 'net look something like this: $directory = "Test" $acl = Get-Acl $directory $accessrule = New-Object …
PowerShell: Working with Passwords
When creating a new Active Directory user from the command line in PowerShell, you will likely find yourself using Read-Host's AsSecureString switch when entering the password. $password = Read-Host "Enter password" -AsSecureString Next, you'll probably look around the Internets for a few hours or so trying …
Using Google/Gmail Apps as a Lightweight Postini Replacement
I work for a large company that uses Postini for Enterprise spam filtering and it does a fantastic job. It's actually famous for being one of the very few spam filters capable of blocking UCEs from the "Cajun Spam King" (No, Scelson doesn't sound very Cajun to me...). And in researching for this article, I …
TrueCrypt Now Supports Vista!
Just as I was heading off to bed, I decided to check the TrueCrypt website to see if they added Vista support. I've checked it a few times since March 19th, so I don't know why I didn't notice but version 4.3 now supports Vista. For a moment there, I thought Vista support was going to be vaporware - they've been …
US-CERT Technical Cyber Security Alert!!!!111!
Today, as I received an email from CERT, I was reminded of the day in 2004 when it was announced that CERT merged with the US Government. I wondered what would change and even considered the possibility that red tape could turn the highly-respected CERT into something that people just didn't respect anymore. By the …
MSSQL: The Differences Between SAFE, EXTERNAL_ACCESS and UNSAFE Assembly Permissions
I found this useful security tip on Microsoft.com. SAFE is the recommended permission setting for assemblies that perform computation and data management tasks without accessing resources outside an instance of SQL Server. We recommend using EXTERNAL_ACCESS for assemblies that access resources outside of an instance of …
AIM 6: Err.. Port 443 Isn't Encrypting Anything But the Initial Login
A friend asked me what port AIM used and I guessed something along the lines of 5190. I wanted to check to make sure and, after issuing the command netstat -n from the command prompt, I couldn't find any port even close to that in use. But I did see 443 in use.. SSL, eh? I was connected to the IP 126.96.36.199 at port …