wehuberconsultingllc.com

I found an interesting problem today. If I run the DNS Randomness test at work using Doxpara’s widget, our ISP fails this test. If I run the test at DNS-OARC, I get mixed results. Sometimes the source port randomness is good and sometimes it is bad. Hmm… I am guessing our ISP has not patched [...]

[Read more →]

Recently I installed the pfSense firewall and now I have started to check out some of the packages that make pfSense such an interesting firewall platform. Without going into too much detail here is my impressions on several packages. NMAP – It kind of worked for me when I accessed it via the web server. [...]

[Read more →]

Wow, I did not know about this security feature in 2.5.  I did not have the ‘SECRET_KEY’ defined since my WordPress sites were upgrades. Since I prefer to follow the Secure WordPress recommendations and missed that section in the paper, I added a random key to all of my sites. The key does not cause [...]

[Read more →]

A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets(e.g. ping) and prevent echo tests using timestamp requests.

[Read more →]

I recently tried to visit Codeplex and got a an error page with a Server 500 error. It did not take too long to figure out that there was a configuration problem on my firewall, ISA 2004. There were several proposed fixes but the one that worked for me I found on a Techarena forum [...]

[Read more →]

Recently while upgrading my WordPress blogs I installed WPIDS 0.1.2. WPIDS is a Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS. It is a nice plugin for those curious about WordPress security. In theory this should improve the security of my blogs. For the last couple of days I have been [...]

[Read more →]

I just finished checking my WordPress sites with both a dork and a FTP. Google says that there 29,000 infected sites. I guess that I was left out of the party since my WordPress sites are at the most recent stable release. Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing [...]

[Read more →]

Last night I used the WordPress Scanner on two of my blogs and I got this message. dangerous-check-[0] PHP configuration file found in http://www.somewebsite.com/ I guess it is complaining about the fact that I have a php.ini file. I guess there is a security implication I am do not know about. I googled php.ini and [...]

[Read more →]

I have been using the Comodo™ Firewall for over a year now. My experience with it leads me to believe that it is more secure than others on the market. I really liked its flexibility and monitoring capability. When the beta for version 3 came out I enthusiastically installed it. I was surprised and disappointed [...]

[Read more →]

About once a month I go to the Windows Update and let it check my computer. If Windows Update is working properly, the Windows Update cupboard will be bare. Sometime in December Windows Update stopped working for me and it started giving me a userdata persistence error. The help system said that all of my [...]

[Read more →]

A document obtained by Computerworld from a reliable source indicates that Piedmont was presented with a list of 42 items that HHS officials wanted information on within 10 days. Specifically, Piedmont was asked to provide policies and procedures for: Establishing and terminating users’ access to systems housing electronic patient health information (ePHI). Emergency access to [...]

[Read more →]

This week I upgraded the Trend Micro SMB installation on my “dog food” server to version 3.6. It kind of worked. The virus checking stuff upgraded nicely but the Messaging Security portion did not. I got this message, “Error 1923.Service Trend Micro Messaging Security Agent Remote Configuration Server(ScanMail_RemoteConfig) could not be installed”. I researched the [...]

[Read more →]

Comodo Free FirewallVersion 2.4 It’s Free. Forever. No Catch. No Kidding The Award-Winning Comodo Firewall Pro PC Magazine Online’s Editor’s Choice Secures against internal and external attacks Blocks internet access to malicious Trojan programs Safeguards your Personal data against theft Delivers total end-point security for Personal Computers and Networks Install now for out-of-the-box protection against [...]

[Read more →]

From Susan Bradley’s blog(aka SBS Diva) comes… I have rec’d an email from one of my clients saying that he needs to recover email from 2005 in regards to a lawsuit. There is barely a backup plan in place. It holds backups of everything for a few days only, written only to an external hard [...]

[Read more →]

Link to Don’t Panic, But New Discovery Of Electronically Stored Information In Litigation Rules Now Apply :: WRAL.com Today I read a post over on Susan Bradley’s blog about the need to archive and I remembered this article. This article is a couple of months old and was written by lawyers practicing in the ESI [...]

[Read more →]

NewYorkCountryLawyer writes “In SONY v. Arellanes, an RIAA case in Sherman, Texas, the Court entered a protective order (PDF) that spells out the following procedure for the RIAA’s examination of the defendant’s hard drive: (1) RIAA imaging specialist makes mirror image of hard drive; (2) mutually acceptable computer forensics expert makes make two verified bit [...]

[Read more →]

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct… Link to TrueCrypt 4.3 [...]

[Read more →]

Solution Details The Security Settings tabs do not respond after installing CSM on Windows2003/SBS 2003 with SP1. I finally found this article. I do not use TrendMicro’s Dashboard very often but it has been a problem for me. Sometimes it would work. Sometimes it would not work. I did not think I had done anything [...]

[Read more →]

Gpg4win – EMail-Security using GnuPG for Windows Today I upgraded from 1.0.1 to 1.0.3 and experienced problems verifying files. I could not verify a file with GPGee or WinPT. The files had been verified under 1.0.1. GPGee said I had an invalid key and WinPT did not show any results. GPA did verify the file. [...]

[Read more →]

TrueCrypt v4.2aTrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correc… This is an [...]

[Read more →]