wehuberconsultingllc.com


Entries Tagged as 'Security'

More Thought on numbers used once(i.e. nonce)

April 27th, 2008 · No Comments · Security, WordPress

Although I still believe what I wrote in which I said that the use of wp_nonce in the last steps of the WordPress Automatic Upgrade plugin is an unnecessary precaution, I am puzzled why it did not work. According to Mark’s post on nonces, it sounds like in theory this "number use once" should still [...]


WordPress 2.5 Secret_Key Vulnerability

April 17th, 2008 · No Comments · Security, WordPress

Wow, I did not know about this security feature in 2.5.  I did not have the ‘SECRET_KEY’ defined since my WordPress sites were upgrades. Since I prefer to follow the Secure WordPress recommendations and missed that section in the paper, I added a random key to all of my sites. The key does not cause [...]


ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests

April 5th, 2008 · No Comments · Security

A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets (e.g. ping) and prevent echo tests using timestamp requests.


BlogSecurity » Blog Archive » WPIDS v0.1.2 officially released

April 1st, 2008 · No Comments · Security, WordPress

Recently while upgrading my WordPress blogs I installed WPIDS 0.1.2. WPIDS is an Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS. It is a nice plugin for those curious about WordPress security. In theory this should improve the security of my blogs.
For the last couple of days I have been [...]


Automated WordPress Hacking Tool Cached by Google

March 27th, 2008 · No Comments · Security, WordPress

I just finished checking my WordPress sites with both a dork and a FTP. Google says that there are 29,000 infected sites. I guess that I was left out of the party since my WordPress sites are at the most recent stable release.
Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the [...]


Getting a L2TP VPN connection to work through the Comodo firewall

January 11th, 2008 · No Comments · Security

I have been using the Comodo™ Firewall for over a year now. My experience with it leads me to believe that it is more secure than others on the market. I really liked its flexibility and monitoring capability. When the beta for version 3 came out I enthusiastically installed it. I was surprised and disappointed [...]


Installing Live Writer behind a ISA firewall

January 5th, 2008 · No Comments · SBS2K-SBS2K3, Security

I like Live Writer a lot but it is very hard to install when you are behind Microsoft’s ISA firewall. I spent a couple of hours trying to figure out what ports I needed to open in the firewall so that the Live Writer install program would install. All of my attempts ended with the [...]


When Microsoft’s recommendations do not fix your userdata persistence error (0x800A0046)

January 3rd, 2008 · No Comments · SBS, Security

About once a month I go to the Windows Update and let it check my computer. If Windows Update is working properly, the Windows Update cupboard will be bare. Sometime in December Windows Update stopped working for me and it started giving me a userdata persistence error. The help system said that all of my [...]


Report to California Sec. of State Details Security Flaws in eVoting Systems (July 27, 28, & 30 2007)

August 1st, 2007 · No Comments · Security

A review of electronic voting systems commissioned by California Secretary of State Debra Bowen has been released, and the results are “not encouraging…….

Report to California Sec. of State Details Security Flaws in eVoting Systems (July 27, 28, & 30 2007)
This link will take you to the article on SANS site. If you want to [...]


MSKDetct.exe - Application Error - Software - Virus/Spyware - Dell Community Forum

July 10th, 2007 · 2 Comments · Security

Please follow the instructions below to run the SpamKiller removal tool. This will completely remove SpamKiller from your computer. Download and save the MSKCleanupTool.exe to your desktop. Locate MSKCleanupTool.exe on your desktop and double-click to launch. To download MSKCleanupTool.exe, type the link in your URL address bar: http://download.mcafee.com/products/licensed/cust_support_patches/MSKCleanupTool.exe

MSKDetct.exe - Application Error - Software - Virus/Spyware - [...]


HIPAA audit: The 42 questions HHS might ask

June 21st, 2007 · No Comments · Security

A document obtained by Computerworld from a reliable source indicates that Piedmont was presented with a list of 42 items that HHS officials wanted information on within 10 days. Specifically, Piedmont was asked to provide policies and procedures for:

Establishing and terminating users’ access to systems housing electronic patient health information (ePHI).
Emergency access to [...]


Installing the Messaging Security Agent from the Security Dashboard

June 9th, 2007 · No Comments · SBS2K-SBS2K3, Security

This week I upgraded the Trend Micro SMB installation on my “dog food” server to version 3.6. It kind of worked. The virus checking stuff upgraded nicely but the Messaging Security portion did not. I got this message, “Error 1923.Service Trend Micro Messaging Security Agent Remote Configuration Server(ScanMail_RemoteConfig) could not be installed”.
I researched the problem [...]


Free Firewall Software - Comodo™ Firewall

June 8th, 2007 · 1 Comment · Security

Comodo Free Firewall Version 2.4
It’s Free. Forever. No Catch. No Kidding

The Award-Winning Comodo Firewall Pro

PC Magazine Online’s Editor’s Choice
Secures against internal and external attacks
Blocks internet access to malicious Trojan programs
Safeguards your Personal data against theft
Delivers total end-point security for Personal Computers and Networks

Install now for out-of-the-box protection against identity theft hackers, Trojans, scripts and other unknown [...]


Need to archive?

May 14th, 2007 · No Comments · Security

From Susan Bradley’s blog (aka SBS Diva) comes…
I have rec’d an email from one of my clients saying that he needs to recover email from 2005 in regards to a lawsuit. There is barely a backup plan in place. It holds backups of everything for a few days only, written only to an external hard drive. [...]


Don’t Panic, But New Discovery Of Electronically Stored Information In Litigation Rules Now Apply :: WRAL.com

May 14th, 2007 · No Comments · Security

Link to Don’t Panic, But New Discovery Of Electronically Stored Information In Litigation Rules Now Apply :: WRAL.com
Today I read a post over on Susan Bradley’s blog about the need to archive and I remembered this article. This article is a couple of months old and was written by lawyers practicing in the ESI area. [...]


Safeguards For RIAA Hard Drive Inspection

April 23rd, 2007 · No Comments · Security

NewYorkCountryLawyer writes
“In SONY v. Arellanes, an RIAA case in Sherman, Texas, the Court entered a protective order (PDF) that spells out the following procedure for the RIAA’s examination of the defendant’s hard drive:
(1) RIAA imaging specialist makes mirror image of hard drive;
(2) mutually acceptable computer forensics expert makes two verified bit images, and creates [...]


TrueCrypt 4.3

March 21st, 2007 · No Comments · OpenSource, Security

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct…
Link to TrueCrypt 4.3
I [...]


Gpg4win - EMail-Security using GnuPG for Windows

July 12th, 2006 · No Comments · OpenSource, Security

Gpg4win - EMail-Security using GnuPG for Windows
Today I upgraded from 1.0.1 to 1.0.3 and experienced problems verifying files. I could not verify a file with GPGee or WinPT. The files had been verified under 1.0.1. GPGee said I had an invalid key and WinPT did not show any results. GPA did verify the file. I [...]


TrueCrypt 4.2a updated

July 6th, 2006 · No Comments · OpenSource, Security

TrueCrypt v4.2a
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correc…
This is an open [...]


NewsForge | Portable open source software

May 17th, 2006 · Comments Off · OpenSource, Security

NewsForge | Portable open source software
Since I use several of the open source packages on this list, I have to say that I approve of the selections and will take a look at the ones I do not presently use. For the ultimate in portability I have Firefox and Open Office installed on a USB [...]
