Friday, November 27, 2009

Microsoft Password Checker

I'm sure there are many password validators or checkers. However, I happened to be reading a pretty good article from Microsoft on their research into passwords when I noticed a link to their page that will evaluate a string to see how strong it would be as a password. Their password checker is located here. While the policies and recommendations that are made should be known in the security field, the page is good for clients (and those needing education) as a way to gauge how good their passwords are.

New Security Magazine

I just saw a link go by in my feed reader for a new free IT security magazine: Security Acts. I downloaded the first issue and will give it a read in a little bit. One of the articles I'm interested in reading is called "How to conduct basic security audits," especially due to the nature of testing I've been doing.

What will be interesting to see is how this magazine fares, with the likes of other free web-zines available:

(IN)SECURE Magazine

Into The Boxes - more of a forensic magazine

Let me know of other free magazines, and I'll update this list.

Wednesday, November 25, 2009

Yearly Family Incident Response Reminder

This is one of my favorite posts from the Internet Storm Center. I didn't see them post it, or something like it, this year. As family and friends gather during the holidays, you will constantly get asked/cajoled/tricked/bribed/blackmailed(?) into working on their computers because, as incident responders, we are the go-to people. Education goes a long way. But, when you have to get down to it, and work on the machines, you need the tools to get the job done.

I've found the tools in the post useful, I've added others, and I've adapted as the malware has evolved. The best case is when the problem is not too bad, and you can eradicate, recover and move on, usually with stern warnings and helpful words of encouragement. Also, it helps to improve the security posture of the machine you are working on. Worst case, you're in for a long day/night of work to get the machine back to a usable state.

Here's hoping you have a Happy Thanksgiving (if you celebrate) and that you get a few minutes to relax.

Friday, November 6, 2009

Back from the dead

...Or, at least the wraith-like state I've been in. It's been a quiet Summer and Fall, but I guess it's time to pay for the leisure time I've been afforded. I've just been assigned three testing trips in the next five weeks. Two require air travel. And to bases in Texas no less. I'm not really worried, but the family is mildly concerned, at least in light of recent events.

Not only that, but these projects are going to be for the Air Force, which I've never worked with before. So, it should be a new learning experience as I navigate the differences between the Army- and Air Force-specific requirements.

Current Project: I'm working on scripting the Gold Disk such that it can be run in a mixed domain of XP and Vista computers. The issue I'm having is that GD asks for permission to run on Vista. This becomes an issue when we stick our script in with the other login scripts on the Active Directory Server. We only do this for the big LANs we test, as it makes getting results from many machines much easier.