Ten. It’s just a number, isn’t it? The concept of “ten” may mean a little bit, or it may mean a lot. But at the end of the day, it’s still just a number. We need to provide some context in order to evoke scale and emotion. That context can make the number “ten” significant,…

Categorized as Personal

SQL Ginsu

This year, I was selected as a “SANS @Night” presenter at SANSFIRE 2011, in Washington DC. The SANS Institute (System Administration and Network Security) is the largest provider for information security training and security certification in the world. My presentation, entitled “SQL Ginsu: Better Living (and Data Reduction) Through Databases”, focused on how a digital…

Comcast Sets Customers Up as Phishing Targets

Today I received an e-mail message from Comcast extolling the value of a (new?) service that will PROTECT ME™ from the INTERNET® and all its evil. I’ve included this little gem of a PR masterpiece below. Now don’t get me wrong, the threats presented by malware in general – botnets, phishing, scareware, credential thieves, etc,…

How Long Will That Image Take?

Acquiring forensic images can be one of the most dreaded steps in most analysts’ processes. It’s documentation-heavy, not terribly interesting to watch, and thanks to the ever-increasing size of commercial hard drives, it can take a LONG time. Thanks to the unrealistic portrayals of this process in movies and TV shows, it’s not uncommon for…

Ultimate procmail Recipe

The procmail utility filters e-mail as it’s received (generally on a UNIX-like server), rather than when you retrieve it with your e-mail client (such as OSX Mail, Mozilla Thunderbird, Microsoft Outlook, etc). As with most UNIX-based utilities, procmail is a very powerful tool for those that take the time to learn how it can be…

How Not To Capitalize On A Security Compromise

OK, Gawker got owned. We get it. A family of major media sites suffered the data theft of an estimated 1.5 million user records (usernames and poorly-protected passwords), with unknown impacts beyond that. They didn’t notify users in a very timely fashion, and there is an air of “too little, too late” around their response…