Something off topic but really important: Help Haiti

January 14, 2010 · Posted in Life Happens, Random Stuff · Comment

Some info on how to extend a helping hand to folks devastated by the quake in Haiti:

You can send a $10 Donation by Texting ‘Haiti’ to 90999 or You can make a donation by calling 1-800-REDCROSS or 1-800-257-7575 (Spanish) or visit the Redcross site and click on the Donate Now button.

If $10.00 is a little bit more than you can afford right now, musician Wyclef Jean’s organization Yele Haiti also receives donations via text for $5.00. Yele Haiti’s website is http://www.yele.org/. You can text “YELE” to 501501 to give $5 to help with earthquake relief efforts.

In Canada, people can donate $5 to the Salvation Army by texting “Haiti” to 45678 through a system set up by the Mobile Giving Foundation.

Unless you have personally researched any other organization and know that they are trustworthy, be careful. YOU DON’T WANT YOUR WELL-INTENTIONED DOLLARS TO FALL INTO THE WRONG HANDS.

Not all “text to donate” services are created equal. Unfortunately, however appalling it may be, opportunistic scammers typically come out of the woodwork in the wake of catastrophes, hoping to strike it rich through fraudulent schemes.

Tags: no tags

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Protocols

January 11, 2010 · Posted in Information Security, Information Systems, Information Technology · Comment

Protocols – a standard set of rules that determines how computers communicate with each other across networks despite their differences

Layered architecture

Shows how communication should take place
Clarify the general functions of a communication process
To break down complex networking processes into more manageable sub-layers
Using industry standard interfaces enables interoperability
To change the features of one layer without changing the code in every layer
Easier troubleshooting Read more

Tags: application, CISSP, CISSP Exam, CISSP RE, CISSP Review, data link, ISDN, Layered Architecture, MAC addresses, network, OSI model, physical, presentation, Protocols, session, transport

Monday DeMondaynizer: No Pants Day

January 11, 2010 · Posted in Random Stuff, The Demondaynizer · Comment

Don’t get caught gawking…

Pulled from the Improv Everywhere website:

The 9th Annual No Pants Subway Ride went off without a hitch today in New York. It’s tough to count, but we’re guessing we had around 3,000 participants. Riders met at meeting points spread out all over the city and converged on Union Square. The high was 28 degrees.

Tags: no tags

Semi-Hiatus Over

January 11, 2010 · Posted in Life Happens, Random Stuff, The Internet · Comment

Wishing I was on hiatus because I was really on vacation, but missed several weeks of posts because I was actually tied up on another project and just can’t find anymore time nor the energy to get online after banging my head on the monitor dealing with the folks involved in this project. Hopefully in the next few weeks, it’ll be finally done. It’s almost like looking forward for that root canal to be over with…

Tags: no tags

CHEERS!!!

December 31, 2009 · Posted in Life Happens, Random Stuff · Comment

Wishing you all a safe, happy and prosperous New Year…

It’s time for that cheesy classic…

Tags: no tags

Do People Still Fall For This?

December 30, 2009 · Posted in Information Security, Information Systems, The Internet · Comment

I still regularly get communication like the one below from wives of presidents, sons of billionaires, daughters of a wealthy sheik, etc. and saying that with my help I can be an instant millionaire. The words in the message slightly vary, but the message is pretty much the same. This scam, commonly known as the “Nigerian Sam”, has been going on even before e-mail became widely widespread, but after all these years and after all the media exposure it has received, one would think folks would no longer fall for it and perhaps the scammers will change their tactics.

Well as illustrated in the e-mail below, and from the tons of similar e-mails I have received, it doesn’t look like the tactic have changed at all. I wonder if people still fall for them, since nothing changed on the bad guys side.

Read more

Tags: 419 fraud, advance fee fraud, black money scam, e-mail, Nigerian bank scam, Nigerian Letter, Nigerian money offer, Nigerian scam, Russian scam, Security, Spanish Prisoner, Ukrainian scam

Semi-hiatus

December 22, 2009 · Posted in Life Happens, Random Stuff · Comment

The past 2 weeks has been interestingly hectic. So hectic I barely have time to sit and put in an entry. In any case, I’m hoping to still be able to put in an entry here and there and hopefully I should be fully back in the fold by Jan. 2 next year.

Whatever the case maybe, I hope you all are having a wonderful Holiday Season and I wish you all the best for 2010.

Tags: no tags

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Key Concepts and Other Definitions

December 22, 2009 · Posted in Information Security, Information Systems · Comment

Rainbow Series

The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.

These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria. Read more

Tags: CISSP Exam, CISSP Notes, computer security, department of defense, Layered Architecture, Orange Book, OSI model, Protocols, Rainbow Series, Redbook, Salami Attack, TCSEC, TNI, Trusted Computer System Evaluation Criteria, Trusted Network Interpretation, US Government

Yeah Boy! Yah Suck! – David Pogue | Microsoft

December 11, 2009 · Posted in Information Security, Information Systems, Information Technology, The Internet, Yeah Boy! Yah Suck! · Comment

This week’s, Yeah Boy!!!

I don’t know if you’ve heard of David Pogue, New Technology Columnist for NyTimes.Com. His website is aptly named: DavidPogue.com. I first got turned on to him (no he did not turn me on ) when he did the keynote for a marketing conference I attended in Las Vegas about 2 years ago. The man has proven that he had the gift for writing, the gift of gab, he delivers his stuff in a very down-to-earth and funny fashion (both in text and in speech) and as he demonstrated in that keynote speech, he got musical skills, too. He explained that Music was actually his major in college and becoming one of the most recognized and respected tech reviewer in the web today is quite a feat indeed. Read more

Tags: Ballmer, David Pogue, Dragon, Linux, MAC, Microsoft, Palm, PC, Security, Vista, Windows 7, Yah Suck, yeah boy

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Session Hijacking

December 11, 2009 · Posted in Information Security, Information Systems · Comment

In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer (see HTTP cookie theft).

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. Read more

Tags: CISSP Exam Review, E-mail Spoofing, hacker, IP packets, IP Spoofing, man-in-the-middle attack, session hijacking, source-routing, TCP, TCP Sequence Number

Join Me On Facebook

Trehb101 - Got Geek?

Promote Your Page Too
Entry Categories
- Biz Mgt & Dev (8)
- Blog-keeping (1)
- Bum-A-Post (3)
- Don's eBook Report (1)
- eBooks, etc… (3)
- eCommerce / eBiz (7)
- Entrepreneurship (6)
- Geek Mail (2)
- Information Security (23)
- Information Systems (18)
- Information Technology (6)
- InfoSec Docs (1)
- Internet Docs (2)
- Internet Marketing (12)
- Life Happens (15)
- Random Stuff (10)
- The Demondaynizer (4)
- The Internet (15)
- Web Design / Development (2)
- Yeah Boy! Yah Suck! (3)
Recent Posts
Business Tech Press Releases
- Distributed Marketing Technologies Enable Smarter Marketing Operations February 8, 2010
- Novatel Wireless Announces First Successful 4G LTE Data Transmission February 8, 2010
- VillageEDOCS Plans to Voluntarily Deregister Common Stock and Move to Pink Sheets February 8, 2010
- Ricky's Board Shop, Inc. Acquires AdCastPlus(TM) Advertising Patents and Technology from Kattegat, Ltd., Becomes KlausTech, Inc.(TM) February 8, 2010
- LeCroy Introduces Trigger and Decode Package for MIL-STD-1553 February 8, 2010
Follow Me on Twitter
Archives

Your Shopping Cart
Your cart is empty
Calendar

February 2010

M T W T F S S

« Jan

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28
From the National Vulnerbility Database
- CVE-2003-1579 (one_web_server) February 4, 2010
  Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123 […]
  nvd@nist.gov
- CVE-2003-1583 (webtrends_log_analyzer) February 4, 2010
  Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. […]
  nvd@nist.gov
- CVE-2010-0558 (opensolaris) February 4, 2010
  The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain. […]
  nvd@nist.gov
- CVE-2003-1585 (weblog_expert) February 4, 2010
  Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. […]
  nvd@nist.gov
- CVE-2010-0557 (cognos_express) February 4, 2010
  IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. […]
  nvd@nist.gov
- CVE-2003-1581 (http_server) February 4, 2010
  The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. […]
  nvd@nist.gov
- CVE-2009-4185 (system_management_homepage) February 4, 2010
  Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter. […]
  nvd@nist.gov
- CVE-2010-0559 (opensolaris) February 4, 2010
  The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain. […]
  nvd@nist.gov
- CVE-2009-2752 (websphere_commerce) February 4, 2010
  IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. […]
  nvd@nist.gov
- CVE-2003-1584 (surfstats) February 4, 2010
  Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. […]
  nvd@nist.gov
Blogroll
Tags

Access Control advertising affiliate marketing Availability Ballmer blogs business CIRT CISSP CISSP Exam CISSP Notes CISSP Review CISSP reviewer Computer Incident Response Team computer security Confidentiality demondaynizer denial of service department of defense DOS e-commerce ebook Information Security Integrity Internet Marketing ISDN Maceo MAD MAC Microsoft monday network notes pay-per-click pay-per-sale privacy RSS Feeds Security social media social networking starter pack strategies Trehb101 Tweets Web 2.0 yeah boy

February 2010
M	T	W	T	F	S	S
« Jan
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28

Information Systems Management & Security : eBusiness : Internet Marketing Strategies : Life

You can send a $10 Donation by Texting ‘Haiti’ to 90999 or You can make a donation by calling 1-800-REDCROSS or 1-800-257-7575 (Spanish) or visit the Redcross site and click on the Donate Now button.

Join Me On Facebook

Entry Categories

Recent Posts

Follow Me on Twitter

Archives

Your Shopping Cart

Calendar

Blogroll

Tags