Author Archives: Daniel Hagan

Switching to HTTPS

Spent a few hours tonight and converted to use HTTPS for all traffic. I have to thank Hynek Schlawack for his very useful blog post explaining how to configure optimal SSL settings. If you’re interested in seeing how your … Continue reading

Posted in Security, Technical | Leave a comment

RSA Urges Customers to Stop Using NSA Backdoor?

Everyone has more or less agreed that the 2006 NIST standard for random number generators includes an algorithm that was likely back-doored by the NSA. The upside was that the algorithm was not particularly attractive, and it was likely that … Continue reading

Posted in News, Security | Leave a comment

The Busting of LulzSec: Lessons in OpSec

Operational Security (OpSec) is the discipline of denying an adversary information that would be advantageous in their plans against you. Maintaining anonymity is a very effective technique for OpSec, but it’s also one of the hardest to achieve. The longer … Continue reading

Posted in News, Security | 3 Comments

Malware Development goes Social

You know an idea is here to stay when even the criminals get behind it… In this case, the idea is crowd sourcing and user-driven development models. Brian Krebs recently reported on a new development in the malware world – … Continue reading

Posted in Uncategorized | Leave a comment

First Details of the RSA Hack

Thanks to a submission to VirusTotal, it looks like F-Secure has identified the first step in the RSA hack back in March. It was a basic phishing email, with a zero-day Flash exploit payload. It wasn’t sent to a privileged … Continue reading

Posted in Clippings, News, Security | Leave a comment

A House Divided

Tech folks think business folks are assholes who don’t understand the technical details and should get out of the way. Business folks think tech folks are assholes who don’t understand the financial details and should just do what they’re told. … Continue reading

Posted in Management, Technical | 1 Comment

Value of Logging

I recently had a perfect example of the value logging fall right into my lap. While testing out ArcSight Logger (a very cool product for a very reasonable price), I noticed some unusual firewall traffic. My NAS was making connections … Continue reading

Posted in Technical | Leave a comment

PuTTY Update – 4 Years in the Making

It’s been four years since the last release, but the popular Windows SSH suite PuTTY has just released a new version! Make sure to update all your installations.

Posted in News | Tagged , | Leave a comment

Japan Earthquake Disaster Relief

Those of you who know me personally already know that Japan has a special place in my heart. The earthquake last Friday and the subsequent tsunami and devastation have been horrific to watch. As far as I know, all of … Continue reading

Posted in News | Tagged , , , , , | Leave a comment

The Challenge of Process Driven IT

Organizations responsible for IT inevitably realize that they need to move from organic skill-driven improvisation to a more formal process-driven model. The good news for these organizations is that there are plenty of frameworks out there for process-driven IT. Whether … Continue reading

Posted in Management | Leave a comment