wehuberconsultingllc.com

This week I disabled weak ciphers on our production web server. This vulnerability was escalated again this last week. This vulnerability exists when your server allows communication using SSL version 2. Less than six months ago it was identified and classified as a low risk. SSLV2 is obsolete and is not available in some of [...]

[Read more →]

Build a Generic Histogram Generator for SQL Server
Histograms help people analyze large amounts of data, whether you display them as tables or as charts. This article shows you how to do both.
… 1 day ago

JkDefragGUI – Freeware made by Emiel Wieldraaijer
… saved by 488 other people … 1 day ago

VirusTotal – Free Online Virus [...]

[Read more →]

Recently I installed the pfSense firewall and now I have started to check out some of the packages that make pfSense such an interesting firewall platform. Without going into too much detail here is my impressions on several packages.

NMAP – It kind of worked for me when I accessed it via the web server. It [...]

[Read more →]

Although I still believe what I wrote in which I said that the use of wp_nonce in the last steps of the Wordpress Automatic Upgrade plugin is an unnecessary precaution, I am puzzled why it did not work.  According to Mark’s post on nonces, it sounds like in theory this "number use once" should still [...]

[Read more →]

Wow, I did not know about this security feature in 2.5.  I did not have the ‘SECRET_KEY’ defined since my WordPress sites were upgrades. Since I prefer to follow the Secure WordPress recommendations and missed that section in the paper, I added a random key to all of my sites. The key does not cause [...]

[Read more →]

A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets(e.g. ping) and prevent echo tests using timestamp requests.

[Read more →]

Recently while upgrading my WordPress blogs I installed WPIDS 0.1.2. WPIDS is a Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS. It is a nice plugin for those curious about WordPress security. In theory this should improve the security of my blogs.
For the last couple of days I have been [...]

[Read more →]

I just finished checking my WordPress sites with both a dork and a FTP. Google says that there 29,000 infected sites. I guess that I was left out of the party since my WordPress sites are at the most recent stable release.
Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the [...]

[Read more →]

I have been using the Comodo™ Firewall for over a year now. My experience with it leads me to believe that it is more secure than others on the market. I really liked its flexibility and monitoring capability. When the beta for version 3 came out I enthusiastically installed it. I was surprised and disappointed [...]

[Read more →]

I like Live Writer a lot but it is very hard to install when you are behind Microsoft’s ISA firewall. I spent a couple of hours trying to figure out what ports I needed to open in the firewall so that the Live Writer install program would install. All of my attempts ended with the [...]

[Read more →]

About once a month I go to the Windows Update and let it check my computer. If Windows Update is working properly, the Windows Update cupboard will be bare. Sometime in December Windows Update stopped working for me and it started giving me a userdata persistence error. The help system said that all of my [...]

[Read more →]

A review of electronic voting systems commissioned by California Secretary of State Debra Bowen has been released, and the results are “not encouraging…….

Report to California Sec. of State Details Security Flaws in eVoting Systems (July 27, 28, & 30 2007)
This link will take you to the article on SANS site. If you want to [...]

[Read more →]

Please follow the instructions below to run the SpamKiller removal tool. This will completely remove SpamKiller from your computer.Download and save the MSKCleanupTool.exe to your desktop. Locate MSKCleanupTool.exe on your desktop and double-click to launch. to download MSKCleanupTool.exe, type the link in your URl address bar: http://download.mcafee.com/products/licensed/cust_support_patches/MSKCleanupTool.exe

MSKDetct.exe – Application Error – Software – Virus/Spyware – [...]

[Read more →]

A document obtained by Computerworld from a reliable source indicates that Piedmont was presented with a list of 42 items that HHS officials wanted information on within 10 days. Specifically, Piedmont was asked to provide policies and procedures for:

Establishing and terminating users’ access to systems housing electronic patient health information (ePHI).
Emergency access to [...]

[Read more →]

This week I upgraded the Trend Micro SMB installation on my “dog food” server to version 3.6. It kind of worked. The virus checking stuff upgraded nicely but the Messaging Security portion did not. I got this message, “Error 1923.Service Trend Micro Messaging Security Agent Remote Configuration Server(ScanMail_RemoteConfig) could not be installed”.
I researched the problem [...]

[Read more →]

Comodo Free FirewallVersion 2.4
It’s Free. Forever. No Catch. No Kidding

The Award-Winning Comodo Firewall Pro

PC Magazine Online’s Editor’s Choice
Secures against internal and external attacks
Blocks internet access to malicious Trojan programs
Safeguards your Personal data against theft
Delivers total end-point security for Personal Computers and Networks

Install now for out-of-the-box protection against identity theft hackers, Trojans, scripts and other unknown [...]

[Read more →]

From Susan Bradley’s blog(aka SBS Diva) comes…
I have rec’d an email from one of my clients saying that he needs to recover email from 2005 in regards to a lawsuit. There is barely a backup plan in place. It holds backups of everything for a few days only, written only to an external hard drive. [...]

[Read more →]

Link to Don’t Panic, But New Discovery Of Electronically Stored Information In Litigation Rules Now Apply :: WRAL.com
Today I read a post over on Susan Bradley’s blog about the need to archive and I remembered this article. This article is a couple of months old and was written by lawyers practicing in the ESI area. [...]

[Read more →]

NewYorkCountryLawyer writes
“In SONY v. Arellanes, an RIAA case in Sherman, Texas, the Court entered a protective order (PDF) that spells out the following procedure for the RIAA’s examination of the defendant’s hard drive:
(1) RIAA imaging specialist makes mirror image of hard drive;
(2) mutually acceptable computer forensics expert makes make two verified bit images, and creates [...]

[Read more →]

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct…
Link to TrueCrypt 4.3
I [...]

[Read more →]