Wednesday, June 28, 2006

F-Secure Data Security Summary - January to June 2006

It's midyear and time for their semiannual data security summary...

Saturday, June 24, 2006

Job Security - Never Leave Your Desk

Internet Urinal

Shopping, gaming, chat rooms, cyber-dating - the internet is such an addictive and time-consuming force, who's got time to go? With the Internet Urinal, you'll never have to leave your computer again. Imagine the freedom - destroy your opponents on network Quake without taking a break; drink as many cans of Jolt as you want and still be able to make that last important trade before the market closes. Each urinal is made with hard plastic and comes with a handy female adapter. Holds 32 oz. of liquid (same as a Big Gulp!).

Wednesday, June 21, 2006

Candy From Strangers

Why do people pick up a USB stick and then insert it into their computer during a security audit as was written about here? Are USB sticks that cool? What else would you just pick up and insert?

Saturday, June 17, 2006

Chinese Mobile Execution Bus

China Makes Ultimate Punishment Mobile

The country that executed more than four times as many convicts as the rest of the world combined last year is slowly phasing out public executions by firing squad in favor of lethal injections. Unlike the United States and Singapore, the only two other countries where death is administered by injection, China metes out capital punishment from specially equipped “death vans” that shuttle from town to town.

Makers of the death vans say the vehicles and injections are a civilized alternative to the firing squad, ending the life of the condemned more quickly, clinically and safely. The switch from gunshots to injections is a sign that China “promotes human rights now,” says Kang Zhongwen, who designed the Jinguan Automobile death van in which “Devil” Zhang took his final ride.

SQL SA Password Tips

The sa account is created during the installation process and the sa account has full rights in the SQL Server environment. By default, the sa password is blank (NULL), unless you change the password when you run the MSDE Setup program. To conform with the best security practices, you must change the sa password to a strong password at the first opportunity.

Verify if the SA password is blank

1. On the computer that is hosting the instance of MSDE to which you are connecting, open a command prompt window.

2. At the command prompt, type the following command, and then press ENTER:

  osql -U sa
 

This connects you to the local, default instance of MSDE by using the sa account. To connect to a named instance installed on your computer type:

  osql -U sa -S servername\instancename
 

You are now at the following prompt:

  Password: 

3. Press ENTER again. This will pass a NULL (blank) password for sa.

If you are now at the following prompt, after you press ENTER, then you do not have a password for the sa account:

  1>

We recommend that you create a non-NULL, strong password to conform with security practices.

However, if you receive the following error message, you have entered an incorrect password. This error message indicates that a password has been created for the sa account:


"Login Failed for user 'sa'."

The following error message indicates that the computer that is running SQL Server is set to Windows Authentication only:

Login failed for user 'sa'. Reason: Not associated with a trusted SQL Server connection.

You cannot verify your sa password while in Windows Authentication mode. However, you can create a sa password so that your sa account is secure in case your authentication mode is changed to Mixed Mode in the future.

If you receive the following error message, SQL Server may not be running or you may have provided an incorrect name for the named instance of SQL Server that is installed:

  [Shared Memory]SQL Server does not exist or access denied.
[Shared Memory]ConnectionOpen (Connect()).

Change your SA password

1. On the computer that is hosting the instance of MSDE to which you are connecting, open the command prompt window.

2. Type the following command, and then press ENTER:

  osql -U sa

At the Password: prompt, press ENTER if your password is blank or type the current password. This connects you to the local, default instance of MSDE by using the sa account. To connect by using Windows authentication, type this command:

  use osql -E

Note If you are using SQL Server 2005 Express, avoid using the Osql utility, and plan to modify applications that currently use the Osql feature. Use the Sqlcmd utility instead.

3. Type the following commands, on separate lines, and then press ENTER:


sp_password @old = null, @new = 'complexpwd', @loginame ='sa'
  go

Note Make sure that you replace "complexpwd" with the new strong password. A strong password includes alpha-numeric and special characters, and a combination of upper and lower case characters.

You will receive the following informational message, which indicates that your password was changed successfully:

  Password changed.


Friday, June 16, 2006

Friday Fun - Personality Type: The Backstabber

From The Bastardly

It’s perfectly natural if a particular face flashed into your mind after reading the title. It’s always good to remember those who we must watch out for as we tread through our robotic lives.

The Backstabber is yet another special personality type. Special, because it is The Backstabber & Backstabber alone, who keeps us between a prosperous life & a life full of poverty, hatred & depression (even a murderous life, if we choose to take it that far). For the sake of my own sanity & hopefully your own, I’m creating a list of Backstabberly characteristics that we must all memorize and attempt to pin onto people we live, work & play amongst. No one must be left out! It is a question of life & death, my friends. For safety, use the ‘3 strikes & you’re a fucking Backstabber’ rule.

1. The typical Backstabber will always be lurking. Lurking to see what you do, when you do it & how you do it.
2. In the office, the Backstabber might just be the person who comes to your cube unsuspectingly.
3. The Backstabber will always be first person willing to help when you need assistance—not because he genuinely wants to help, but because he wants to learn how you work & possibly expose weaknesses in the process.
4. The Backstabber, whenever the opportunity arises, will use the CC (or God forbid, the BCC!!) function in Microsoft Outlook.
5. The Backstabber will never take any blame upon himself. Never.
6. The Backstabber is also either a Drama Fanner or Drama Queen (personality types already covered The Bastardly).
7. The Backstabber pretends to be naive of very obvious things for the sake of seeing how you react.
8. The Backstabber’s main goal is to expose you in front of as many people as possible. In meetings they tend to laugh a lot, possibly ask stupid questions. Don’t fall into this stupidity trap. Their main goal is to get you to open your mouth, so that you may set yourself up for a beating.
9. All backstabbers are naturally very selfish & spoiled people. They will do anything to get the most and be the best. This includes whoring themselves, shady bribing techniques, hiring brothas to make hits—pretty much whatever it takes (think of the Terminator.)
10. Always know your Backstabber, but don’t become one yourself. It’s like the War On Terrorism—it will go on forever (or at least until one man is left standing). Basically, ignoring the Backstabber is not an option b/c that’s when you’re most vulnerable!

Remember, the only way to get a Backstabber off your back is to move to a different city, challenge them to an old-school duel, & of course, secede.

Godspeed!

Wednesday, June 14, 2006

British contractors shooting "A "trophy" video"

"The U.S. military has concluded its investigation into a video that appeared to show private security contractors shooting at civilian vehicles on highways in Iraq and determined that no one involved will be charged with a crime, a military spokesman in Baghdad said. The investigation, which officials have not released publicly, began after the video was posted on an Internet site purportedly run by employees of Aegis Defense Services, a London-based firm with a $293 million U.S. government security contract."

Naked Suspect Stunned By Oklahoma Police

ANN WEAVER
The Daily Oklahoman


MIDWEST CITY -- Police used a taser to subdue a naked man seen streaking down SE 29, Police Chief Brandon Clabes said.

Mark Alan Oliver, 47, was taken into custody Monday night by two police officers while in the Village Oaks mobile home park in the 9400 block of SE 29.

Clabes said the man crawled under one of the mobile homes and refused to come out. Even after officers Archie Huston and Joe Cruz pulled the man from underneath the home, he continued to struggle until one of the policemen used a taser gun to subdue him, Clabes said.

Oliver was booked into the city jail on complaints of public intoxication and indecent exposure.

Clabes said Oliver told officers he had taken off his clothes to urinate and had forgotten where he left them.

Friday, June 09, 2006

Friday Fun - Windows' hidden "features"

Try this under Windows:

Right-click on the Desktop
Create a new Shortcut
Point the location of the item to any executable... such as: c:\windows\system32\calc.exe
Name the shortcut, for example, www.microsoft.com
Start Internet Explorer (IE5 and IE6 work best)
Type "www.microsoft.com" into the address bar
Enjoy.

More info can be found from here.

Saturday, June 03, 2006

Shredding scissors -- five-scissor blades on one handle

These Japanese shredding scissors provide a low-tech way to discard of docs at your home or office desk.

Friday, June 02, 2006

Friday Fun - What E&Y Does Best!

Ernst & Young's laptop loss unit continues to be one of the company's more productive divisions.
The Register can again exclusively confirm the loss of the Hotels.com customer information after having received a copy of a letter mailed out jointly by the web site and Ernst & Young. A Hotels.com spokesman also confirmed the data breach, saying Ernst & Young notified the company of the laptop loss on May 3. The laptop in question was stolen from an Ernst & Young worker's car in Texas and did have some basic data protection mechanisms such as, erm, the need for a password.

 
Copyright 2017 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan