Recently in Security Category

RapidSSL Reseller


We are now a RapidSSL reseller.  RapidSSL is “the fastest growing SSL Provider Worldwide”.  We have chosen them as a partner because they are more affordable and setup literally takes 10 minutes.

If you have any questions about getting certificates for your site, feel free to contact us!

Anymore, when a person wants information from a website—it seems some sites want you to register so they can collect private information.  Some sites use your information professionally and keep your data secret—but there is always some site out there willing to sell your information.  Now there may be a way around that!

This site, Fake Name Generator, will actually create a false identity with address, email, phone number, SSN and even a bogus credit card number!  The credit card information is of course totally useless—but the other information can help you save your identity just to get some information off a site—as long as they don’t verify the information via email (which is getting more popular).

Now there is also a business reason to use this site—especially if you work with databases and programs.  You can request bulk data for free to test applications in Microsoft SQL Server, MySQL and other database engines such as Oracle.  The bulk data is free—but you can also request a quote for custom data including fields you need to test custom database applications.  Here is a quote from the website:

We've generated millions of names for hundreds of companies and individuals! We can provide test data in several formats (including MySQL, CSV, tab delimited, and Excel) absolutely free through our Order in Bulk page.

We can also provide custom test data. E-mail us with your project requirements for a price quote.

Very cool little tool…  Here is what a generated fake name may look like:

Kimberly D. Binion
842 Meadow Drive
Oklahoma City, OK 73106

Email Address: Kimberly.D.Binion@mailinator.com

Phone: 405-923-XXXX
Mother's maiden name: Delgadillo
Birthday: June 4, 1959

Visa: 4916 9944 7316 XXXX
Expires: 10/2008

SSN: 447-74-XXXX

Note: I added the X’s just in case!

Found this really intriguing study done at the CSO (The Resource for Security Executives) website.  Basically, they took known public vulnerabilities of major operating systems and calculated the time to produce a patch.  Here is a quote from the study that explains more:

The first comparison I wanted to look at was to see how the vendors did in general for security response across their Operating System (OS) products.  Because many customers that have selected a vendor OS have deployments that may cross multiple versions, this view looks at the average security response time, in terms of DoR, across the supported product set.  By vendor, here are the products included:

  • Apple:  Mac OS X, any version patched in 2006
  • Microsoft:  Windows 2000 (Professional and Server), and Windows XP, Windows Server 2003.  Windows Vista is not included since it was only available for one month in 2006 and had no fixes.
  • Red Hat:  Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4
  • Novell:  SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Server 9, SUSE Linux Enterprise Server 10, Novell Linux Desktop 9, and SUSE Linux Enterprise Desktop 10
  • Sun:  Any Solaris version patched in 2006

Now here is the conclusion of the study.  Note: I cannot speak to the validity of the data—just thought it was interesting…

Days of Risk 2006

Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows | CSO Blogs.

I am happy to see that Microsoft is going to play nice with other security vendors by giving them access to Vista operating system code.  Mostly, this levels the playing field and gives the industry some sort of checks and balances in the security arena…

ROME—Microsoft said it would make available on Monday parts of key data to security software firms such as Symantec and McAfee to enable their products to work smoothly with its new Vista operating system.

Microsoft has promised the additional information to comply with European Union requirements that stem from the EU executive's landmark 2004 decision that the U.S. company used its dominant Windows system to damage competitors.

The codes are important for the companies as they will allow them to suppress Microsoft's own security "pop-ups" if a PC user decides to buy alternative security software, thus keeping brands such as Norton clearly separate from that of Microsoft.

But Microsoft is still developing software essential to the companies so they can block "spyware" and other malicious software.

Microsoft to Give Vista Data to Security Firms.


Microsoft has released 3 new Security Patches for September 2006; along with 2 re-released Security Patches.  The re-released security patches included: MS06–040 and MS06–042.  The new security patches for this month are:

  • MS06–054  Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
  • MS06–052  Vulnerability in Reliable Multicast Program (PGM) Could Allow Remote Code Execution (919007)
  • MS06–053  Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

TechNet Webcast: Information About Microsoft September 2006 Security Bulletins

Found this interesting site about The Art of Deception (John Wiley & Sons, 2002)—apparently, the first chapter was thrown out of the book during publication by the editors.  This book is a very good read—but, I actually found this missing chapter the most interesting. 

When famed hacker Kevin Mitnick wrote his book on computer security, The Art of Deception (John Wiley & Sons, 2002), the first chapter was autobiographical in nature. It was included in the advance galleys that were sent to reviewers, but when the book itself came out, that chapter was not included.

Someone posted it to Usenet, and "Kevin's Story" has spread from there. Mitnick has confirmed to Wired News that this is the lost first chapter.

The Memory Hole > The Missing Chapter from The Art of Deception by Kevin Mitnick.


Microsoft has released 7 Security Patches for July, 2006:

  • MS06–035  Vulnerability in Server Service Could Allow Remote Code Execution (917159)
  • MS06–036  Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
  • MS06–037  Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
  • MS06–038  Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
  • MS06–039  Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
  • MS06–033  Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
  • MS06–034  Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)

TechNet Webcast: Information About Microsoft July Security Bulletins

INSECURE.ORG listed the Top 100 Network Security Tools…  Definitely a list worth looking at—see excerpt below:

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also will be pointing newbies to this site whenever they write me saying “I don't know where to start”.
Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the Nmap Security Scanner were counted because the survey was taken on a Nmap mailing list. This audience also means that the list is slightly biased toward “attack” tools rather than defensive ones.

Top 100 Network Security Tools.

Lately, it seems stolen laptops have become the norm.  I understand that equipment will be stolen—but why does a corporation allow laptop users to store confidential information locally on the PC?  With VPNs and thin client computing (Citrix)—there is no reason to store data on laptops.  At least with mobile devices (Blackberry and Windows Mobile), administrators have the ability to wipe devices remotely.  Kudos to the American Red Cross for at least encrypting the data—but hopefully this will be a lesson learned and data removed from corporate laptops.

DALLAS - A laptop containing personal information from thousands of blood donors — including Social Security numbers and medical information — was stolen from a local office of the American Red Cross, but officials said the information was encrypted.

Red Cross laptop with sensitive data stolen - Security - MSNBC.com.

The United States Computer Emergency Readiness Team (US-CERT) is reporting a new Microsoft Excel vulnerability:

Microsoft Excel contains an unspecified vulnerability. Opening a specially crafted Excel document, including documents hosted on web sites or attached to email messages, could trigger the vulnerability. Office documents can contain embedded objects. For example, a malicious Excel document could be embedded in a Word or PowerPoint document. Office documents other than Excel documents could be used as attack vectors. For more information, please see Vulnerability Note VU#802324.
