Twitter and Legal Hacking

November 11th, 2011

I’ll admit I haven’t read through the whole article in the link below, but the government legally hacked someone? The fact that “legal” and “hacked” appear in the same sentence is a little concerning.

That being said, it is feasible that there are times when something like this might need to happen – National Security etc – and this was with reference to Wikileaks …but, what rights do we really have? Are liberties taken, or do we even believe that the liberties should be taken?

My thought is it can go either way, but if you are going to take away someone’s right to privacy, there had better be a darn good reason. That being said, I’ve heard talk of traffic traveling over an IP (what a concept) doesn’t belong to the person that is using the IP, therefore, can be intercepted. Really? That’s a little low don’t you think?

Soap box aside, like I said this conversation could go either way, here’s the link. See what you think about it – here, courtesy of the Guardian, UK.

Adobe 0Day Update Tomorrow

September 20th, 2011

It appears Adobe is releasing an emergency update to Flash Player to fix a 0Day vulnerability. Announcing it tells more people about it – catch 22 perhaps?

Here’s the release from Adobe: http://blogs.adobe.com/psirt/2011/09/prenotification-security-update-for-flash-player.html

…it never ends!

UPDATE: It appears Google patched Flash for Chrome before Adobe patched their own! Interesting since those that want to know what the vulnerability is could analyze the differences between pre and post patched. Here’s the post from Larry Seltzer on PC Mag Security Watch.

2011 – Information Security Breaches

August 21st, 2011

2011 is turning out to be a bad year when it comes to the amount of ‘records’ lost through security breaches. Searching around the web for information I’ve found a lot of resources that give details, but this article from networknewz.com, posted by Joe Purcell, puts it into perspective on the first couple of paragraphs, and has links to details on the breaches. Here are some of the breaches from 2011, from the post. For the entire list, with links to the details go to the source of the article here:

1.29 million Sega accounts

100 million or more Sony accounts

Potentially, the email accounts of over 2,500 companies serviced by Epsilon

360,083 bank accounts at Citigroup

280,000 accounts at Honda

1.2 million accounts at the Texas Comptroller’s office

114,000 accounts of iPad 3G owners

40 million or more RSA SecurID tokens issued by EMC to over 30,000 companies and government agencies, including half of US banks that use SecurID tokens

It’s quite scary to see not only how many user accounts are compromised, but also (not mentioned in this article), how long it has taken certain entities to get their infrastructure back online. One has to assume that the issues were massive for it to have taken so long, perhaps? (supposition)

You also have to ask if these were preventable. By nature it’s almost impossible to stay one step ahead of attackers. With undisclosed vulnerabilities, let alone Zero-day vulnerabilities, it is all you can do to follow the flow. Bearing in mind the human factor is a huge influence on this field, and it almost feels like herding cats while chasing your own tail.

Readiness – Red Teams – constant self assessments – audits – reaction drills – forensics – so much to be done with probably little budget, and sometimes little concern. I’ve said it a few times here, if we (security leaders) cannot convince senior leadership of the risk, should we be in that role? The variables are things like – it doesn’t matter how good you are, they still won’t listen – I guess then it’s time for a career change, if not at least a company change? Do we (you) have the balls to escalate your fears to the board? Should you?

For fear of rambling on, suffice it to say 2011 has been a bad year for breaches. Perhaps companies will notice now, that you really do need to be aware and in control of information security to stand any chance of staying secure.

5 quick OS X Lion tips and work-arounds – REUTERS

July 27th, 2011

Here are five quick tips and work-arounds by Mark Crump at GigaOm, posted at reuters.com. I was wondering how to get ~/Library

1. Remove icons from Launchpad. Right now, the only icons you can remove from Launchpad are apps installed via the Mac App Store. If you remove the icon, the whole app is removed. In a way, this makes sense: they want to transfer the same ease-of-deletion from iOS to OS X. The problem is, if you have a ton of what Lion sees as apps — in my case, all the old World of Warcraft patches showed up in Launchpad — you’re going to have a mess. I can’t hide the apps completely, so instead I performed the digital equivalent of stuffing them in the closet. I created a single folder, moved any non-app programs into that, and stuck it on the last page in Launchpad.

2. Reveal your Home Library folder. I’m not sure why Apple hid this, but there are two ways you can get to it. The first is to go to the Finder, open the Go menu, and choose “Go to Folder.” Type in ~/Library/ and hit Enter. This will bring you to the folder. If you need to get there more than occasionally, or have an app where the hidden flag is causing problems, you can make it visible by typing in “chflags nohidden ~/Library” in the Terminal.

3. Make an app open in all spaces. This tip only works if you have multiple Desktop spaces. To add a space in Mission Control move your pointer to the upper-right hand corner and click on the large Plus icon. Then, right-click on the app’s icon in the Dock, choose Options, and “Assign to: All spaces.” As a bonus tip, you can also create an empty space to quickly flip to an empty display if you need to.

4. Remove icons from the Sidebar. I’ve run into a few instances where dragging an icon off the Sidebar doesn’t actually remove it. If this happens, right-click the wayward icon and choose “Remove from Sidebar.” If, like me, you ended up with some Sidebar folders pointing to now nonexistent folders and can’t remove them at all, renaming the com.apple.sidebarlists.plist file in ~/Library/Preferences folder (it doesn’t matter what you rename it to) and rebooting will restore your Sidebar to default icons.

5. MobileMe Calendar syncing is now set in iCal. This one threw me at first. In Snow Leopard, you set MobileMe Calendar syncing within the MobileMe System Preferences pane. Now, it’s under iCal’s preferences under Accounts. I imagine this is because iCloud will render the MobileMe preferences pane obsolete.

Reminder: this is NOT my work – kudos goes to the author Mark Crump at GigaOm

Dear Apple

July 27th, 2011

Dear Apple,

I’m liking the new OS X – I have to say it’s pretty slick. One question though, please can I have control of the sidebar in my finder windows? I appreciate the new look, but I don’t like that I can’t move my devices to where I can see them.

k? Thanks!