
Clint Ruoho of Laconic Security credited by Apple for Mac OS X Vulnerability in handling of Adobe DNG image files.
Laconic Security
Written by Site Admin   

La·con·ic (adj.) - using few words; expressing much in few words; concise; succinct.

SOC Progress

Laconic Security brings unparalleled expertise in security operations and investigation to the challenge of designing and building a Security Operations Center (SOC) or Systems Incident Response Team (SIRT). We have extensive management and technical experience at the forefront of managed security services, security consulting services and incident investigation for a host of domestic and international corporations as well as the Defense and Intelligence community. This experience enables Laconic to integrate your SOC in a mature, measurable and adaptive fashion. We don't just deploy technology to meet your engineering requirements; we design solutions to meet your business, compliance and security needs.

 
Detecting and blocking bad robots
Written by Clint Ruoho   
Sunday, 05 October 2008 12:26

It is often in the best interest of web robot authors to obfuscate the true identity of their requests. This obfuscation often consists of changing the HTTP User-Agent header without modifying the other HTTP headers. By leveraging existing passive browser fingerprinting projects, it is possible to detect these robots. If desired, these requests can be blocked using applications such as ModSecurity in Apache, or the native configuration files of web servers such as lighttpd or Apache.

 
Communicating Compliance
Written by Fred Thiele   
Wednesday, 02 July 2008 13:13

Tracking, reporting and communicating compliance status to management is cumbersome and time-consuming. The right tools to track and report compliance status will enable a pre-audit compliance team to be more productive by clearly communicating status and limiting duplicate effort.

 
GTD in Outlook
Written by Fred Thiele   
Thursday, 29 May 2008 15:11

I’ve been experimenting with David Allen’s GTD (as well as other productivity methodologies) for a while now and have settled on an implementation that works rather well for email. In this post, I’d like to give you the process I follow to organize my email life and code for an Outlook macro that automates many aspects of the process.

Disclaimer: I by no means claim to have developed all of the methodologies described herein. This is simply my implementation and conclusions drawn from several productivity methodologies which include David Allen’s Getting Things Done, Merlin Mann’s Inbox Zero, GTDGmail and of course many posts on Lifehacker. I HIGHLY RECOMMEND visiting these links.

Simply stated, GTD is a method for keeping track of your life. Since many of us live in a world where email is constantly piling up, a method for managing email and the tasks associated with those emails is imperative. I’ve read David Allen’s book several times and I like many of the ideas, but find I need a simpler method for tracking everything.

Below, I will outline the various steps of the modified GTD process I use on a daily basis. Hopefully this will help you gain control of your inbox and add a little more order to your life.

 
Flying the insecure skies
Written by Clint Ruoho   
Wednesday, 14 May 2008 12:14

Online airline check-in has fallen under scrutiny lately due to relaxed security controls. Several airlines protect their patrons by using SSL or TLS to encrypt traffic on the Internet. However, many airlines have chosen not to encrypt sensitive username, password and frequent flyer information when customers log into their websites. Laconic Security investigated the widespread use of unencrypted websites for frequent flyers and online check-in.

 
The Elements of Risk
Written by Fred Thiele   
Friday, 28 March 2008 06:15

Ask 10 security experts what risk is and you will get 10 different answers. Risk is the art/science of balancing the potential for financial loss with effective countermeasures to reduce or prevent that loss. Simply stated, risk is the measure of financial uncertainty inherent in business operations.

Risk is also a business issue. As such, we (as security professionals) must present risk in a way that makes sense to the business, not just to security people. To communicate risk effectively, it must be interpreted consistently across the organization and explained clearly to all business units.

 
Don't forget to lock it down
Written by Tom Wager   
Thursday, 06 March 2008 15:41

Recently, Fred and I were dining with a friend and she told us an interesting story about a small retailer that focused on home delivery of organic and natural foods. Unfortunately, the business closed its operations. After the business closed, they discovered that their technology infrastructure was compromised and customer credit card information may have been stolen. Our conversation continued in the direction of small start-up businesses and the security challenges retail food vendors face in the future.

