let's not and say we did

Archive for the 'Security' Category

Pray for Better, Prepare for Worse

October 21st, 2006 Posted in IT Administration, Security

All things mechanical will fail. A lack of sound disaster recovery procedures should keep a knowledgeable IT administrator awake at night. Measures to prevent data loss are needed by many recovery scenarios and are a worthwhile vehicle to discuss the overall need to practice disaster recovery procedures. Data backups are a key component of disaster […]

H&R Block and SSN Mismanagement

January 23rd, 2006 Posted in Security

Paul Roberts uncovers H&R Block’s mismanagement of social security numbers in H&R Block Mailing Reveals Customers’ SSNs. The leak was attributed to user error, but the blunder is most likely due to ill-implemented software. After all, software is responsible for printing the labels that are used for these software packages and for assessing their marketing […]

Who’s Afraid of the Cookie Monster?

December 29th, 2005 Posted in Security

has an Associated Press article that discusses the NSA’s Lamest Spy Tool: Cookies. The first sentence in the article claims “the National Security Agency’s internet site has been placing files on visitors’ computers that can track their web-surfing activity,” without bringing up any of these files’ limitations. Articles like the one featured on […]

Latest IE Security Threat

November 29th, 2005 Posted in IT Administration, Security

An IT article is publicizing a remote hole in Microsoft Internet Explorer that can allegedly be used to execute arbitrary code. The latest virus definition update for McAfee VirusScan prevents the proof of concept page at from executing the payload right after Internet Explorer crashes, but systems without third-party security products may be vulnerable. […]

Misguided Response on XML-RPC Worm

November 15th, 2005 Posted in IT Administration, PHP, Security

A recent worm, Lupper, is traversing the Internet and exploiting computers that run the XML-RPC package for PHP. The official XML-RPC for PHP homepage states that the package’s abuse of the PHP eval function created a security hole that allowed remote execution of arbitrary code. This means that any systems that run PHP and a […]