Techie

There is a skit on SNL Weekend Update where Seth and Amy read the headline to a news story with one of them following the other with “Really?!” That is my reaction every time I begin to think about mobile phone security. The darlings of our open-source world, the ones us geeks carry around on our belts, well…they fall short. In light of the police now being able to search your phone without a warrant, I decided to do a blog post on how-to protect yourself. Now I find myself asking the giants of Tech, REALLY!? Lets run through the major mobile phone platforms and see which ones encrypt data: ...

There was recently a study that found when people knew that they were taking a placebo, it still helped. The common idea in the past was that you could utilize placebos for controlled studies only if the patient didn’t know. The mere act of going to the doctor, taking a pill, etc. meant that the mind was tricked! Being a security geek this struck a cord with me. Listening to vendors and ISSO/ISSM about their secure implementations it occurred to me that the medical world was playing catchup to infosec: ...

2 days straight now on IRC (##security on irc.freenode.net if you want to say hi) I have had to help someone compiling a program deal with it failing mid-stream. This is especially prevalent on security packages like fuzzers and such. First, what is stack protection? Buffer Overflow Protection In software, a stack buffer overflow occurs when a program writes to a memory address on the program’s call stack outside of the intended data structure; usually a fixed length buffer.[1][2] Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than there was actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly. This type of overflow is part of the more general class of programming bugs known as buffer overflows.[1] ...

During my Air Force days I was involved with the roll-out of the “CAC” for Air Mobility Command at MacDill. No one could understand why the military would put so much time and money into giving all personnel new ID Cards and equipping machines with readers that did nothing at that point. The main feature back then was that when you removed your CAC your machine would automatically lock. Well, that or you would just leave your CAC at work and need to call a coworker to come retrieve you from the gate. What I failed to understand back then was that Multi-factor Authentication (MFA) was something fundamentally needed for our nations and armed forces security. This should have been apparent and clear to me as I scattered around some of the bases most secure locations to find mission essential passwords affixed to stickies on the monitor. ...

It seems everyone is posting their review after a few days of working with the laptop. I decided to take a different perspective with the initial review. When I first started playing with ChromeOS betas a few months ago I came to the realization that this was not for me. Two things were apparent: This machine is to provide a cloud-based Thin Client. I live off servers around the world, not necessarily in the cloud. As a geek, the Walled Garden drives me crazy. “What do you mean I can’t install a SSH server?!?!?” My girlfriend on the other hand could care less about a SSH server. She finds the Mac Mini a little overwhelming at times and really just wants the internet. “Show me where the Safari icon is.” For that reason alone I found ChromeOS to be built for her. Instant On and just a web browser. ...