Sponsored Links

Unbridled Technojargon Ahead!

I assume you already know what you are doing and are just looking for confirmation. Or an improved method. Or maybe you almost know what to do...



Adding Hardware Monitoring to RHEL 4 WS PDF Print E-mail
Thursday, 05 April 2007 21:30

Part of Information Security is making sure your data is protected against loss, regardless of how the loss occurs. Any properly written Information Security policy will have a section about Business Continuity, which documents what to do in major disasters. But in addition, business continuity means making sure you've got regular backups of all your critical data and applications.

As an extension of this sort of policy, one should engage in routine hardware monitoring to try and detect hardware failures, before they can cascade into bigger failures. In this article, I'll describe the technical steps on how to install and configure hardware monitoring on a Red Hat Enterperise Linux 4 Workstation. In theory, these steps would be the same for the Advanced Server version.
Read more...
 
Annual Identity Checks PDF Print E-mail
Monday, 12 March 2007 10:18

Updated: 1/23/09

Added information about Innovis, a fourth credit reporting agency. Added information about TeleCheck. Expanded information about ChoicePoint/ChoiceTrust reports. Normalized formatting and other minor tweaks.

Wake-up! Time to get to work. Go get all your identity reports, make sure nothing has appeared that is bogus or suspicious. With the US economy in the same state as your average mushroom farm, getting credit of any sort is exceptionally difficult now. And thieves are going to be taking advantage of the situation any way they can. It's more important than ever before to keep on your toes! This year I've added details on a fourth credit reporting agency called Innovis Data Solutions, and re-verified all the other information is correct and accurate.

Get to it!

Updated: 10/7/08

Moved article from Gather website to JediMercer.com, reformatted slightly for cleaner apperance.

Updated: 3/28/08

Removed Horizonal Rule tags as Gather improperly undoes them. Updated several links and removed the link for stolenidsearch.com as it is now defunct. Added additional introductory paragraph about current year.

2008 is here and our long-promised bounty of money from the government will be sent out in just over a month. Be cautious about any offers on websites or in e-mail about advances on your government IRS rebate, or statements that you need to pay processing fees or other nonsense.

Oh, and it's past time to do another annual identity check! If you did one of these last year in 2007, you'll have the extra bonus of being able to compare your reports side-by-side and see any changes. In addition to protecting your identity and your finances, you may even find some ways to save money. So let's get on with the original article, shall we?
Read more...
 
You're Not as Private as You Think You Are PDF Print E-mail
Wednesday, 15 November 2006 16:50
Privacy concerns are riding high in the media currently, thanks to the high-profile data breach cases with the Veterans Association, AOL, AT&T and others. I'll just note quickly here that these events aren't really new, its just general public awareness is increasing. Which is good.

Privacy is a fickle thing in the United States. Unlike many other first world countries, we have no explicit guarantee of privacy rights, though many interpret parts of the constitution as such. Courts all over the land are involved in cases that (re)define privacy rights and law in the USA.

The single biggest issue with privacy rights in the US is having a clear definition of what privacy is. What sort of actions, information or things
can be said to be private? Privacy is deeply tied to social morés and subjective opinions. Often we Americans will go about our daily business with the assumption certain aspects of our lives are private, and others may not know about them. Yet in reality those parts of our lives are publically accessible. Once enough little pieces of information are put together and correlated, a surprisingly personal view of someone's life can be presented.

OK, that's enough musing, let's get into the fun stuff!

 

 
Read more...
 
How to get NTLM authentication in Apache 2.0 PDF Print E-mail
Friday, 18 August 2006 11:24

This is a quick-and-dirty method for kludging NTLM authentication (aka ActiveDirectory) into Apache 2, for purposes of doing HTTP authentication. Assuming you can get it running after following the steps below, you should be able to configure access files under Apache that will direct the webserver to authenticate HTTP users against a domain of your choosing. The server does not  have to be joined to the domain.
Read more...
 
Ethical Hacks: How to find the site admin password for Mercury Interactive's TestDirector v7.6 PDF Print E-mail
Thursday, 17 August 2006 23:31
IMPORTANT NOTE:The information presented here is to be used only for legitimate cases of access loss. Using these instructions to gain access to a system without permission is a violation of both state and Federal law.

At one of my old jobs as a security engineer, I was asked to find the admin password for an application (seems the company had managed to lay off everyone who actually knew it). This is an example of an "ethical hack", where techniques used by malicious people have legitimate application in the real world

TestDirector 7.6 stores all it's usernames, passwords, groups, and other metadata in MS Access databases. Now the standard database for the users is usually something like "Testdir.mdb" somewhere in the directory tree of the application suite. However, the admin password is usually stored in a database called "doms.mdb" which you should find in "c:program filescommon filesmercury interactiveDomsinfo".
Read more...