Thursday, March 12, 2015
Updated CISSP Domains
- Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
- Asset Security (Protecting Security of Assets)
- Security Engineering (Engineering and Management of Security)
- Communications and Network Security (Designing and Protecting Network Security)
- Identity and Access Management (Controlling Access and Managing Identity)
- Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
- Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
- Software Development Security (Understanding, Applying, and Enforcing Software Security)
Sunday, August 03, 2014
Review - Asus C720-2802 Chromebook
I recently picked up via Craigslist a "new in the box" Asus C720-2802 Chromebook to use as my new primary system for TechNewsRadio.com. The main reason was that DEFCON22 is coming up soon in Las Vegas and I needed a "relatively" secure system to attend sessions and take notes for ~8 hours a day.
My previous note taking system was relatively old ThinkPad that I had 3 sets of extra batteries for. So, I dropped about 6 pounds by moving to the C720. And I don't have to configure a fresh system to take to DEFCON and then scrub after.
This version (2802) seems like the middle build release (~Feb2014) from the original that was in late 2013 and the most current $199 version that uses the Intel Celeron 2955U processor (2848). There is also a newer more expensive C720 with an Intel Core i3 processor available.
- Keyboard is great.
- Integration with my Google account was flawless.
- Integration with all my core online services was flawless.
- Working offline seems to work as expected.
- Can't seem to check IMAP email with an extension or a native Chrome application.
The still to be determined:
- Will it get hacked at DEFCON?
- How to edit audio?
- Will it let me take notes all day at DEFCON?
POST DEFCON REPORT: There is now an IMAP client - CloudMagic. I am pretty sure I didn't get hacked at DEFCON. I was able to take notes all day long at DEFCON without any issues. I have not found a good solution for editing audio.
Saturday, August 02, 2014
TECH NEWS RADIO PODCAST #373 | 2014-08-02 | NMAP #DDOP
Thursday, June 12, 2014
Podcast Update On Personal Finance Tools
If you know others then please let us know!
Friday, May 30, 2014
Tracking News Related To TrueCrypt
Here are some links to stories about TrueCrypt shutting down:
- Reddit's SysAdmin
- Reddit's NetSec
TrueCrypt is a key tool in our toolkit for protecting data and we use it everyday. If it is actually going to go away then it will leave a big whole in end-user security options for data encryption.
Monday, September 16, 2013
Solar Power Review - Keeping Your Tech Powered While Camping
I recently picked up from Harbor Freight Tools the following solar power kit: 45W Solar Power Kit (#68751) for just over $150 (including tax).
Over the course of the last couple of months I've been able to try out the kit on several camping trips were there was no easy electrical grid access. The camping environment was pretty sunny but not always 100% full sun. The time of year for all the trips was summer and the location was Southern California. I ended up setting up the kit on the top of our small camper.
The main reason I picked up the kit was to keep all of my tech gear charged so I could keep tabs on email, news, and any tech issue with my sites. This was usually less than 1 hour a day which worked out well for my needs, and expectations related to being on a camping trip.
The gear I was able to keep operational using the kit included: cell phone, tablet, WIFI card, and a laptop during trips lasting up to 7 days.
I was suprised during the main daylight hours that the inverter could charge directly: the cell phone, tablet, and WIFI card. To keep my laptop charged I needed to capture to an emergency car battery system, and then use 3rd party car charger/inverter to get the right power levels to keep the laptop charged. I was also able to keep charged a USB battery pack so I could run my WIFI card during non-daylight hours when needed.
One other lesson learned, was to turn off all electronics while sleeping. This helped keep all the devices more readily available the next day then keeping them in standby/sleep mode overnight.
All in all the system worked very well and I'd recommend it.
Monday, August 12, 2013
DEFCON 21 (and 20 oops!)
We have a detailed report (PDF) from the sessions attended if you are interested. Just drop us an email to get the full report or a request via message on Twitter. A podcast summary is planned but not promised at this time.
Things that we are "worried about" from an Enterprise computing perspective:
- Social Engineering against users is like a hot knife cutting butter. Only defense seems to be training and awareness. Traditional information assurance (IA) protections: virus scanning, IDS, firewall, etc are not effective.
- You can't secure what you don't manage.
- Basic system administration tools and infrastructure services in the Microsoft Windows world can be used for evil: PowerShell, .NET, DNS, browsers, PKI, and SCOM.
- USB is not your friend.
- Mobile computing and Bring Your Own Device (BYOD) are really not your friend.
- Cloud computing could be your friend but probably won't.
- Developers writing code for an organization without a security focus is just asking for trouble.
- If you think your stuff is secure just because you have it behind a lock and a key you are in denial.
- In a year or less, penetration testing is going to include inexpensive mobile assault options via semi-autonomous very-small drones and robots.
Sunday, August 12, 2012
Prepping For Next Tech News Radio (TNR) Podcast
EDITED on 8/2/2014
The most current podcast has been released Tech News Radio #373.
The following are items currently in the queue for being included in a future podcast (no ETA):
The following are currently items of interest but probably not something we will cover in the next podcast (they propobably will be posted on @technewsradio):
- The 'new' eXploit magazine is devoted to learning about and examining exploits. The first edition is focused on: Metasploit, PMI, WSDL, SOAP, DoS
- Wickr is a secure communications app for Apple iOS that has no central repository of msgs & includes a msg self-destruct option
- Path is a "social network" that limits your social circle to no more than 150 people (aka Dunbar's number)
- Pair is an mobile application that only allows for communication between just two people
Saturday, September 10, 2011
Updates from Twitter - iPad, DEFCON 19, Podcasts, Mobile, Amazon, Etc
The following items were recently posted on @technewsradio:
- USB hub allows simultaneous syncing of 49 iPads http://t.co/OO9H7HW
- DEFCON 19 Podcast Review #security #news #research #hacker #conference http://t.co/rbCr7hK
- SpokenWord.org gets about 1000 new programs every day & they are looking for curators of categories to make the content more organized
- BigBlueButton is a open source collaboration and training system that integrates a bunch of open source projects http://t.co/mEL5dDS
- PC World has more details on the recent news from Qualcomm about their planned updated Snapdragon mobile processor http://t.co/lQQO8y4
- YouTube has a great overview presentation on how "Prezi for iPad" works http://t.co/sHFJBSo
- Amazon EC2 is now supporting Virtual Machine (VM) Import to Amazon EC2 instances http://t.co/35n2UtJ
- IObit has announced a freeware version of Game Booster v2 for Windows that is geared for improving game performance http://t.co/Q0lWB4D
- Via Box.net ... you can get e-signatures features via DocuSign services integrated with documents stored on Box.net
- Getting started with project management? - "scope, time & "cost" - a good reference at Wikipedia http://t.co/oVIzQIX
- "Heroes of the Computer Revolution" original book looked at hackers & nerds from the late 1950s to the early 1980s http://t.co/H4Vz2kM
- arborjs.org - a graph visualization library using web workers and jQuery http://t.co/Zao0gyv
Monday, August 22, 2011
DEFCON 19 Podcast Review
DEFCON 19 was in Las Vegas, NV from August 4-5, 2011. This yearly computer network security and hacker conference is full of cutting-edge research, detailed demos, awesome presentations, and a lot of partying. The podcast coverage was pretty good also. Here are my recommendations:
- Network Security Podcast
- Southern Fried Security Podcast: #59 Defcon Review
- Social-Engineer.Org: Live at Defcon 19
- PaulDotCom Security Weekly - Episode 254 Part 2 (08-11-2011) [wiki]
- Exotic Liability: #78 Con-dom
- Eruo-Trash Information Security Podcast
If you are interested in hearing my thoughts about DEFCON 19 then check out the PaulDotCom.com podcast (08-11-2011). I am the boring "IT Guy" trying to avoid the topic of "hot" women visiting the PaulDotCom.com booth. If you'd like to see a copy of my notes (13+ pages) then drop me a personal email to: "s h o l d e n @pobox.com."
Another Week Of Recommended Podcasts Worth A Listen
- MacCast 2011-07-26: Review of Apple Mac OS X Lion Release (News, Tips & Tricks)
- Author Debriefing (August 16, 2011) - The Triple Agent: The al-Qaeda Mole Who Infiltrated the CIA
- Southern Fried Security Podcast: Interview with Andy Ellis @CSOAndy [#58] & Interview with Rich Mogull [#57]
- IT Pro Show by Same3Guys: Detailed look at OpenStack
- KPBS Midday Edition: Social Media - Can It Keep You From Getting A Job?
- This Week In Google (TWIG) #108: Excellent coverage of the Google & Motorola News
Sunday, August 21, 2011
@technewsradio Posts You Might Have Missed
- SitePoint has announced "Build Your Own Wicked WordPress Themes - Create Versatile WordPress Themes That Really Sell" http://t.co/t9K7dMg
- iPhone: The Missing Manual, 4th Edition (by David Pogue) covers iPhone 4 & All Other Models with iOS 4 Software http://t.co/SMBNX2d
- Some great web-based cipher (i.e. encryption) tools posted to: http://t.co/gBerYw6
- Franklin Covey's Plan Plus Online has been updated for business workgroups that allows for team so collaborate between team members
- DJ Amber's latest CD release -- neo.maximal -- is available at http://t.co/SkH0LIr
- O'Reilly & Josh Clark have teamed up for a new Apple iOS programming & user interface design book called Tapworthy http://t.co/dEuvB5T
- Oracle has released VirtualBox 4.1.2 which improves stability and fixes regressions. Download via: http://t.co/rODJspx
- Roku has announced upgraded Roku 2 hardware: HD ($60), XD ($80) & XS ($100) #besthomevideostreaming
- Change your logon screen for Mac OS X Lion via these tips on MacRumors: http://t.co/G5Qf2vq
- Want to display your hard drives on your Mac OS Lion desktop? Tip here: http://t.co/o9XMKUa
- Are smash & grab tactics going to be something that grows? I don't think an adversary cares one way or the other http://bit.ly/nygX1B
Saturday, August 20, 2011
TECH NEWS RADIO PODCAST #372 | 2011-08-20 | Browser Phishing, National Cyber Range & Microphone Hijack
Listen! (Size 2.9 MBs, Running Time 2m57s)
Today's podcast examines three stories about computer network security:
- New browser tab and window phishing attack threats.
- Barry Rosenber at Federal Computer Week examines DARPA's National Cyber Range plans.
- Tim Wilson at DarkReading.com has coverage of new microphone hijacking attack options.
Saturday, August 13, 2011
This Week's Tech Podcasts Worth A Listen
- Windows Weekly 221: Mango, Windows 7 security, Hotmail, etc.
- MobileTechRoundup 245: tablet news, new phones, latest mobile updates
- Security Now 313: How The Internet Works: ICMP & UDP
- Marketplace Tech Report: 911, eBooks, riots, fantasy footboll, Wikipedia
- Typical Mac User Podcast 237: Lion FDE, Dropbox, PadPivot And Denoising Audio
- Wall Street Journal Tech News Briefing: All the latest business tech news fro WSJ.com
Sunday, May 08, 2011
Learn More About Hard Drives Including The Latest On SSD
Victor Cajiao's Typical Mac User Podcast has a great intereview by George Starcher with Scout Moulton discussing how hard drives work including a deep dive into the latest information about solid state drives (SSD).