Don't Wear Your Work Cloths While Blogging

I guess this was bound to happen with the popularity of the personal blog these days. A flight attendant for US airways was suspended after she posted pictures of herself in uniform to her personal blog, even though
she used fictional names and places.

It is a good idea to know the company policies on personal websites and blogs to avoid this situation.

Whatever happened to free speech?

New User Profiles Customization

When logging onto Windows XP for the first time, a basic user folder is copied from the Default User profile and named to the new user's name. You know the one with the Bliss desktop background and no icons on the desktop except the Recycle Bin.

Sometimes, either for business or personal preference, this Default User profile can be changed to your liking. Here is how:

Log on as administrator, right click on My Computer, choose Manage, expand Local Users and Groups, right click on Users and choose New User. Give the new user a name (I use "Template" as that is what I am making).

Log off as administrator, then log on as the user that was just created. Change the background, add desktop icons, set up everything to your specifications and/or liking. When you are finished log off as the user and back on as the administrator.

Now we have a template profile that we would like to have as default for all new users added to the computer. The settings we just created need to be applied to the Default User profile.

Make sure that the folder options are set to show hidden files and folders (some of the profile files and folders are hidden by default.

Navigate to the \Documents and Settings\Template folder and open it. Select all files and copy.

Next navigate to \documents and settings\ Default User folder and open it. Select all files and paste (replace all when prompted).

Now when a new user is added the customized settings that you applied to the user template will be used for the default settings for the new user.

Access Denied

Scenario: You have just reinstalled Windows XP Pro on your Boot partition.
After everything is up and running, you go to open a text file on your data partition and get an error "Access Denied." How can this happen? Why can I not open my file anymore?

I get this question more than most on the support list that I belong. Here is the solution:

When you reinstall Windows, The SID (Security Identifier) is changed and the access tokens for all users are changed.Therefore, the files you are trying to open are no longer owned by you.

To open the files again, you need to take ownership of the files.

First log on as the local administrator.

Make sure that Simple File Sharing is turned off: Open Windows Explorer - click on the Tools menu - select Folder Options - Click on the View tab - scroll all the way to the bottom and uncheck "Use Simple File Sharing (Recommended)."

Now navigate to the file or folder in question. Right click on the file and choose properties. Click on the Security tab, then click on Advanced. Open the Owner Tab. In the Change owner to box is a list of users that have permissions to take ownership of the object. Select the user to take ownership and press the Apply Button.

Once you have taken ownership as administrator, the ownership of the file can be granted to the user of your choice.

USB sticks get fingerprinted - silicon.com

This is a great idea if you loose your little jumpdrive:

A new memory stick on sale next week turns fingerprints into passwords. Lexar Media's JumpDrive TouchGuard uses a sensor that reads the miniscule ridges on a finger, and unlocks the encrypted data on the USB memory stick if there's a match.

"It's going to be in Best Buy [one of the largest chains of US consumer electronics shops] stores starting Monday," Christopher Crump, a project manager at Cogent Systems, said Thursday. Cogent wrote the software. Fujitsu makes the finger-scanning chip for the TouchGuard stick, which was demonstrated at a technology conference this week. Sony already sells a similar product called Micro Vault.

USB sticks get fingerprinted - silicon.com

Offshoring: It's better for everybody

October 22 2004
by Will Sturgeon
Even those who are losing their jobs... sort of...
Offshoring is benefiting companies, countries and economies on both sides of the debate, according to attendees at the Better Management Live Conference in Las Vegas this week.


Technology companies in Europe and the US claim the offshoring 'kick-back' is the creation of new jobs in their domestic market which are "higher up the economic value scale" than those jobs which they have sent to countries such as India.

While on an individual-by-individual basis there are clearly those who will be worse off, in general this is having a positive effect on Western economies and workforces, according to Nigel Holloway, director of executive services at the Economist Intelligence Unit, who quoted McKinsey figures.

Chip Greenley, VP marketing and solutions at HP, said: "From a generic perspective it has to be good for the global economy."

Greenley and representatives from other vendors, said cost savings associated with offshoring are being reinvested in the creation of more high-value roles in the domestic market.

"We have taken large chunks of our business and moved them overseas," said Greenley. "If we know that by offshoring our accounts payable handling we will create the budget to hire 200 new hardware and software engineers then I can tell you it is going to happen."

Offshoring: It's better for everybody

Hackers learn to attack networks with IM - silicon.com

On further reading:

Combining the open-source tool nmap - a program that discovers devices on a network - with an IM bot, hackers can infiltrate, steal information and carry out denial-of-service attacks on networks, says the director of security for Whitehat UK, Jason Hart.

IM runs over port 80, which is often regarded as a trusted port because internet traffic travels through it. Nmap uses ping requests and port scans to discover network devices.

Hart said: "The bot could send itself to 10,000 addresses, which could then attack one IP address. This means that 'denial-of-service attack' has taken on a whole new meaning. What's worrying is that this would look internal."

If instructed, the nmap bot is capable of a DoS attack by sending a massive amount of pings, a term hackers have dubbed 'the ping of death'.




Hackers learn to attack networks with IM - silicon.com

IM photos compromise networks - silicon.com

Security experts are warning users that hackers can use JPEG profile photos on instant messenger to attack networks.

According to security company WhiteHat UK, hackers can use an exploit in JPEGs which enables them to embed malicious code into profile photos on instant messenger. When a recipient sees the photo on their instant messenger (IM) client, it can cause an exploit code, such as a Trojan or worm, to automatically execute.

Jason Hart, security director for WhiteHat UK, said: "Potentially, the photos that are sent with instant messenger could be used with the Microsoft JPEG exploits already out there. Essentially you can say it's the same as any JPEG using the IM protocol as a portal to come through."

IM travels on port 80, which is often regarded as a trusted channel because internet traffic also uses it. Hart said any company using IM that allows JPEGs was open to attack: "The majority of times, desktop computers are the last to be secured by big corporations


IM photos compromise networks - silicon.com

Offshoring: It's Not Too Late to Change

Here is an article from DevX that takes some of the current offshoring of IT related jobs issues, and adds some information of what needs to be done to fix the problem.

Way too many American workers loosing their jobs to cheap overseas employees. The government needs to step in and protect American jobs, as it protects corporations from cheap imports.


Offshoring: It's Not Too Late to Change

Unearthing the origins of Firefox | Newsmakers | CNET News.com

The link below is a really good interview from News.Com of Ben Goodger (Lead Engineer, Mozilla's Firefox).

Gives some good incite into past present and future of this truly great browser.

Unearthing the origins of Firefox | Newsmakers | CNET News.com

Laszlo Systems, Inc. (no Pluggin Web Applications)

Testing this new web application design application. Works on javascript and XML. Some really cool features, and seems to be fairly easy language to learn.

Will do some testing and report more.

More information on this can be found at:

Laszlo Systems, Inc.

SecurityDocs: Directory of Security White Papers

This is truly becoming a super site of all security related articles and white papers.
Check it out.
Read up.
Submit papers.
Join the forums.

Truly worth checking out!!

SecurityDocs: Directory of Security White Papers

Envy News Review of SMC 2804WBR 802.11g Wireless Router

I am writing this because this review steered me to purchasing this wonderful router.

I had a D-Link DI-524 networking the two computers in my house, but the D-Link firmware has some stability issues, and talking to there tech support by email pushed me away from them.

The SMC 2804WBR 802.11g Wireless Router, has a true SPI (stateful packet inspection) firewall built in. And for 29 dollars after rebate I could not pass it up.

The setup was very easy, although I had to set it manually as the cd install failed. But now I guess I need a wireless nic, as my sons computer - which is connected wirelessly - gets faster transfer speeds than my wired connection.

Read the full review, and I am sure you will like the features too.

And if not........I have a D-Link for sale.


Envy News: Quality Gadgets for Hardware Zealots