wehuberconsultingllc.com

Wow, I did not know about this security feature in 2.5.  I did not have the ‘SECRET_KEY’ defined since my WordPress sites were upgrades. Since I prefer to follow the Secure WordPress recommendations and missed that section in the paper, I added a random key to all of my sites. The key does not cause [...]

[Read more →]

A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets(e.g. ping) and prevent echo tests using timestamp requests.

[Read more →]

I recently tried to visit Codeplex and got a an error page with a Server 500 error. It did not take too long to figure out that there was a configuration problem on my firewall, ISA 2004. There were several proposed fixes but the one that worked for me I found on a Techarena forum [...]

[Read more →]

Recently while upgrading my WordPress blogs I installed WPIDS 0.1.2. WPIDS is a Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS. It is a nice plugin for those curious about WordPress security. In theory this should improve the security of my blogs.
For the last couple of days I have been [...]

[Read more →]

I just finished checking my WordPress sites with both a dork and a FTP. Google says that there 29,000 infected sites. I guess that I was left out of the party since my WordPress sites are at the most recent stable release.
Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the [...]

[Read more →]

Last night I used the WordPress Scanner on two of my blogs and I got this message.
dangerous-check-[0] PHP configuration file found in http://www.somewebsite.com/
I guess it is complaining about the fact that I have a php.ini file. I guess there is a security implication I am do not know about. I googled php.ini and security and [...]

[Read more →]

I have been using the Comodo™ Firewall for over a year now. My experience with it leads me to believe that it is more secure than others on the market. I really liked its flexibility and monitoring capability. When the beta for version 3 came out I enthusiastically installed it. I was surprised and disappointed [...]

[Read more →]

About once a month I go to the Windows Update and let it check my computer. If Windows Update is working properly, the Windows Update cupboard will be bare. Sometime in December Windows Update stopped working for me and it started giving me a userdata persistence error. The help system said that all of my [...]

[Read more →]

A document obtained by Computerworld from a reliable source indicates that Piedmont was presented with a list of 42 items that HHS officials wanted information on within 10 days. Specifically, Piedmont was asked to provide policies and procedures for:

Establishing and terminating users’ access to systems housing electronic patient health information (ePHI).
Emergency access to [...]

[Read more →]

This week I upgraded the Trend Micro SMB installation on my “dog food” server to version 3.6. It kind of worked. The virus checking stuff upgraded nicely but the Messaging Security portion did not. I got this message, “Error 1923.Service Trend Micro Messaging Security Agent Remote Configuration Server(ScanMail_RemoteConfig) could not be installed”.
I researched the problem [...]

[Read more →]

Comodo Free FirewallVersion 2.4
It’s Free. Forever. No Catch. No Kidding

The Award-Winning Comodo Firewall Pro

PC Magazine Online’s Editor’s Choice
Secures against internal and external attacks
Blocks internet access to malicious Trojan programs
Safeguards your Personal data against theft
Delivers total end-point security for Personal Computers and Networks

Install now for out-of-the-box protection against identity theft hackers, Trojans, scripts and other unknown [...]

[Read more →]

From Susan Bradley’s blog(aka SBS Diva) comes…
I have rec’d an email from one of my clients saying that he needs to recover email from 2005 in regards to a lawsuit. There is barely a backup plan in place. It holds backups of everything for a few days only, written only to an external hard drive. [...]

[Read more →]

Link to Don’t Panic, But New Discovery Of Electronically Stored Information In Litigation Rules Now Apply :: WRAL.com
Today I read a post over on Susan Bradley’s blog about the need to archive and I remembered this article. This article is a couple of months old and was written by lawyers practicing in the ESI area. [...]

[Read more →]

NewYorkCountryLawyer writes
“In SONY v. Arellanes, an RIAA case in Sherman, Texas, the Court entered a protective order (PDF) that spells out the following procedure for the RIAA’s examination of the defendant’s hard drive:
(1) RIAA imaging specialist makes mirror image of hard drive;
(2) mutually acceptable computer forensics expert makes make two verified bit images, and creates [...]

[Read more →]

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct…
Link to TrueCrypt 4.3
I [...]

[Read more →]

Solution Details
The Security Settings tabs do not respond after installing CSM on Windows2003/SBS 2003 with SP1.
I finally found this article. I do not use TrendMicro’s Dashboard very often but it has been a problem for me. Sometimes it would work. Sometimes it would not work. I did not think I had done anything wrong but [...]

[Read more →]

Gpg4win - EMail-Security using GnuPG for Windows
Today I upgraded from 1.0.1 to 1.0.3 and experienced problems verifying files. I could not verify a file with GPGee or WinPT. The files had been verified under 1.0.1. GPGee said I had an invalid key and WinPT did not show any results. GPA did verify the file. I [...]

[Read more →]

TrueCrypt v4.2aTrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correc…
This is an open [...]

[Read more →]

Helix - Incident Response & Computer Forensics Live CD by e-fense™, Inc.
I was researching the Linux command, dd, and GParted because I wanted to migrate some data on old disk drives to my new disk drive and to see if I could copy a drive and debug a hardware/software problem on a PC I am [...]

[Read more →]

NewsForge | Portable open source software
Since I use several of the open source packages on this list, I have to say that I approve of the selections and will take a look at the ones I do not presently use. For the ultimate in portability I have Firefox and Open Office installed on a USB [...]

[Read more →]