Josh Wieder

Excellent series on the topic here:  http://www.troyhunt.com/2011/11/owasp-top-10-for-net-developers-part-9.html Will it be implemented by developers? /challenge

[This article deals with issues with installing the 2012 GUI from Server Core. Do you need help with activating your license key? If so, try this article instead. ] Update: James Stephan, currently Senior Analyst with Dell Health Services, was kind enough to point out to me that I had neglected to mention this procedure will only function with fully licensed versions of Windows Server 2012. If you have downloaded and installed the free edition of Windows 2012 Server Core, you cannot activate the GUI. For quite a bit of detailed information specific to the free edition of 2012 Server Core, follow  this link to James' blog . So I just started playing with Server 2012. Right out of the gate, I encountered issues on installing to a hard drive with a pre-existing Windows 7 installation. I nuked the partitions during the install, however when trying to install the full server GUI, I got a "Windows component cannot be found" error. I believe this was the result of the instal

A few months ago, Noah Shachtman of Wired published an in-depth series of interviews with Eugene Kaspersky, owner of Kaspersky Lab. I realize this is an older issue, but its still worth checking out.  Schneir was late to the party, too, so I don't feel bad. First off, read the Wired article: Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals Then give Eugene's response a quick read: http://eugene.kaspersky.com/2012/07/25/what-wired-is-not-telling-you-a-response-to-noah-shachtmans-article-in-wired-magazine/ Then read the response to the response: http://www.wired.com/dangerroom/2012/07/kaspersky-indy/ How do you feel about your computers being owned by the Kremlin? Is it a refreshing change of pace from having your computers owned by the Pentagon/Home Office/Mossad?

Is anyone else scratching their heads about this HostGator / EIG acquisition? Accel-KKR has nice credit but $225 million feels like .com money, even for an established middle market. Maybe it makes sense for all the useless hardware that comes with it, I don't know. If anyone wants to enlighten a financial n00b shoot me an email.

{ Update : there is a new bit of Linux malware making the rounds that likes to play games with iframes. Comprehensive descriptions of the exploit are listed below - of particular interest is the write up on Crowdstrike. I don't have enough data to know for sure if the two events are related as nothing I administrate has been compromised, but the iframe mechanism is fairly unique in both cases. https://www.securelist.com/en/blog/208193935/New_64_bit_Linux_Rootkit_Doing_iFrame_Injections https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012 http://blog.crowdstrike.com/2012/11/http-iframe-injecting-linux-rootkit.html http://linux.slashdot.org/story/12/11/20/1733237/new-linux-rootkit-emerges Here is my comment on the Slashdot Article: http://linux.slashdot.org/comments.pl?sid=3263519&cid=42074663 } I usually take a quick look at this site's traffic and referral sources following a post. One of the great things about having a circulation close to

HIPAA, SOX, SAS-70 - those whose business relies on hosting a website are no stranger to the regulatory schemes of trade organizations and their acronyms. The PCI Data Security Standard is perhaps the most well known and widely adopted. PCI DSS is a set of very general outlines of security best practices for those who process and/or store credit cards using computers. Compliance is certified by a third party corporation (a Qualified Security Assessor or QSA), and demand is created by offering lower credit card transaction fees to websites who are certified as compliant. On the whole, the initiative has had some big successes. Credit card companies win by reducing incidents of fraud as more sites adopt standard security features, merchants win through reduced transaction costs and by being able to advertise a third party certification of secure site design and companies responsible for certification get to exist and create new jobs in the process. The standards have gone a long way to

Tropical Storm Debby recently made my acquaintance at my humble home here in South Florida. The storm itself was a non-starter, but apparently the outer strands of it spawned a series of tornadoes across Florida last Sunday.  While I am pretty handy with a computer, when it comes to un-nerd-related topics I am oblivious, and on Sunday I was unaware of Debby or the tornado warning that had been issued. It was sunny outside that day - if I had heard something I would have written it off as a false alarm anyway.  My home is on a lake and surrounded by trees. My favorite part of the house is the expansive back porch. The porch is screened and runs the entire length of the house - we've installed a hammock whose awesomeness cannot be translated into English as well as a large hand crafted wooden table. I tend to do my drinking in the hammock while whittling away the hours with a great view of the lake. The table is for when I actually need to get some work done or eat something. Bet