KellyKeeton dot Com v3.0 reverse engineering life

1Aug/070

Ten Things your IT department will tell you

I saw the most horrificarticle in the WSJ today about how to defeat IT security “Ten ThingsYour IT Department Wont Tell You”. This is so wrong and so insecure I almostwrote the paper, but I dont care to argue with the columnist, instead I will justblog my unforgiving with them.

I wrote a response with 10 things a IT guy will tell you about why this is a Joke.note that I am 1:1 listing my items with the article so i say read that first to seemy response. In the initial set-up for the story, Vauhini Vara talks about the specificreasons that IT staff block content or restrictions, she then implies in a nationalnewspaper “not so fast…” basically this article is giving horribleways for people to hack organization they work for. In fact she states that specificallyfor “hacking advice” not hacking as in modify hardware to make NES ROMSwork, but hack as in bypass policy and procedure to undermine IT. unbelievable.

1. Send Giant Files

This is crazy dumb, the next time you want to transfer large files to customers ofyour company, ask your IT department for a FTP or file portal. anything else is defianceof policy and illegal transfer of data. For IT staff to prevent this just block allmajor sites and use content filtering such as SecureComputing Web-Washer / Sidewinder Firewalls, or CiscoSecurity Agent. To rip on Vauhini she states that you can look for a “securepadlock” haha yea i think that will solve all the worlds problems.

2. How to use software that is banned

Good old local admin rights or no local admin rights, if your company restricts localadmin rights the software you run isnt going to mess anything up. To prevent thisfor IT just GPOdisable the USB storage device. as for using web based applications – ifit will go thru a content filter I dont care much if you use it. Anyone ever hearof Cisco Security Agent?

3. How to visit porn sites at work

if you cant figure out how to use google image cache to your advantage then your skillsarnt 1337. If your a shop with a good firewall and HTTP proxy then this issue isntvalid.

4. How to clear your tracks on your work laptop

again this is a waste of a point to make a list of ten, this will not forensicallyremove data for the sites you have visited. dont forget that if someone is in question,they are loging your traffic off your box anyway. IT admins its called mirror portand wireshark, or a webproxy.

5. search work for documents from home

this here is a dangerous and insane idea, this is where I got mad with the paperfor publishing this. All you just did Vauhini is make me decide to block google applicationson the whole to prevent morons from running google desktop at work, if you need furtherinformation on this google “googledesktop security threats” to stop this Cisco CSA

6. how to store work files online

this is just like #5 if your company has no corporate policy to banish users likethis, make one and banish away. see my hacks on googlecalendar to see the fun that happens when people publish corporate data.

7. keep privacy while using web email

yes, the tips here are true, so if i have reason to suspect or policy to stop i justblock the use of any chat or personal email. good job Vauhini looks like your disablingnot enabling anything here. (i explain that last sentence in my closing remarks)

8. how to steal email for your blackberry

email is corporate property, if your against policy this tip wont land you anythingbut a monster.com account. see comments on tip 7

9. access personal email on blackberry

there is little risk here, so unless a company just isnt a fan of corporate use forpersonal gain – not having personal email on a corporate asset is the leastof your concerns and this tip is basically null. except for the use of copy pasteto release information. so BES can disable that function  andBES has the ability to block all this. Also your corporate firewall if implementedcorrectly can block access to sites on a BB

10 how to look like your working

Vara looked like she was working when she alt tabed away from myspace long enoughto write this column.

In the end, this list isnt anything bad, its just bad for employees that start tothink they are smart by using them. If your company isn't blocking them today by technologyor policy. Then your “smart” use of them will start to gain attentionand they will be blocked. The tools that i linked to here will 100% block any crazyactivity that the WSJ can come up with and misinform and ruin peoples day.

normally companies have guest wireless access, my recommendation bring in your ownlaptop and use that to do crap. Then your using a secure network for such activityand its not a company asset that your being a idiot with.

</rant>

 

 

Filed under: Nerd No Comments
9Jul/070

new dasBlog and post 4th of july report

I upgraded to the newestbuild of dasBlog over the weekend. being that this was also July 4th weekend Ithought I would post that I didnot blow up my hand this year. I also am trying to fix the database that spammersruined on the gallery so the pictures are back on line soon.

Filed under: Nerd, Social No Comments
7Jun/070

Planet Heidi Security Web Comic Book Released

Planet Heidi is a web comic about computersecurity. I did work with the writer, He nowhas a book its the content of the comic. You should go purchase it its $9and you will learn something – or just find grammatical mistakes and let him know=). Either way check out the free version or buy a book.

Filed under: Nerd No Comments
23Mar/070

Porn Ads in funny places?

I just noticed that i had porn on my website then i wondered what's up with that.For the first time in about 3 years i have been hit with a virus. Bad kelly.

googleTrojan

 in all commical manner, I got this trojan because I got tired of IE7security and turned it all off. say haha everyone.

Nothing will detect it yet (no data on the web at all to clean the virus) I did findit running with HiJackThis it had a DLL with the following information

"O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\KELLYK~1\LOCALS~1\Temp\~DP20.dll"

when that DLL is added or removed the porn will come back. However the trojan appearsto still be effecting my computer or a file on my computer is infected, fun.

Found a cool site http://www.virustotal.com itwill scan files with all engines, looks like that is just a adware file. how did itget there?!

Patch To Prevent it MS06–001



 

Filed under: Nerd No Comments
21Mar/070

ITunes Move collection

here is how to moveyour collection from a old PC to a New PC

Filed under: Nerd No Comments
20Mar/070

dont copy that floppy

i dont link you tube much but this is awesome

dontcopy that floppy

Filed under: Nerd No Comments
21Feb/070

The Best RDP managment tool ever hands down.

If you admin computers via RDP then you NEED this tool.  visionappRemote Desktop (vRD 1.4) this tool is crazy cool. likeVNC managment apps you can have a list of all your RDP servers. If you wanted youcan save your cridentials (dumb) and you can view all the sessions in Tab or QuickViewformat. this is a MUST HAVE TOOL. (you need to register to use) http://www.visionapp.com

also your list that you make you can backup and share with fellow IT.

 

 

Filed under: Nerd, Software No Comments
1Dec/060

update for Project84Grass theme for DasBlog and IE7

I have been bugged with my blog since I upgraded to IE7 so I fixed it today. Its aCSS issue in the css for the theme Project84Grass

#container{
 height:99.9%;
 min-height:99.9%;
 width:958px;

detailshere

Filed under: Nerd No Comments
16Nov/060

fun laser hack

we hall have a cdrom or cdplayer sitting around right? hackthe laser and see what it can do

Filed under: Nerd No Comments
4Oct/060

Finally got around to dasblog 1.9 upgrade

so I had time today to upgrade all the blogs on my server to dasblog1.9 so if your reading this, and your blog is on my server then your on thenew version in the next 24 hours.

biggest updates are support for cell browsers, removal of emails from feeds, “emailpage” close comments feature, thanks Dasblog team!

Filed under: Nerd No Comments