Radical Development

Technical Without the Technicalities

Disk Encryption In Mac OSX Lion Using FileVault


I thought it was time to write about disk encryption, and this article is of course focused on FileVault, which ships with Mac OSX Lion. Face it, data is golden, and in the wrong hands it can be very damaging. In addition, many of us take our MacBooks with us while on the go, and disk encryption provides an additional layer of security should your laptop be lost or stolen. FileVault is not limited to laptops, and I urge you to consider the use of FileVault on your desktop also. Finally, it is important to understand … Continue reading

Computer Networking Glossary


– A –

- AAA: A term used to indicate that the services of authentication, authorization, and accounting are being combined into one device or service.
- AAAA: The equivalent of an A (address) record on a DNS server but specifically for IPv6.
- access layer: The layer of network communication at which the client computers are connected to their network switches or hubs. This is generally said to be below the distribution layer, which is below the core layer.
- access control lists (ACLs): Programming that can be added to a router’s configuration that enables it to filter traffic going into and out … Continue reading

Attacking A Database With SQL Ninja


I find it absolutely amazing that SQL injection is still a large problem when it comes to application security. The fact is this type of injection attack is not overly difficult to mitigate; rather, the fact is many developers do not understand the inherent flaws they inject into an application. The purpose of this post is to both educate and introduce a great tool named SQL Ninja, which is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable … Continue reading

Studying for the CompTIA Network+ Exam


Security is my passion, and recently I was studying for the CompTIA Security+ exam, and now I have turned my attention to the Network+ exam. It has been a number of years since I last worked in network administration, but I am a firm believer that to be a well-rounded professional you have to have knowledge across a number of domains. In fact, beginning in January 2013, I will begin my journey to become CISSP certified. The following materials I purchased and I am happy with the material, but know that I have not taken my exam and I … Continue reading

SQL Injection Made Easy With Havij


It is amazing that one of the biggest vulnerabilities when it comes to database-driven web applications is SQL Injection, since this vulnerability is not difficult to resolve. The sad fact is, for whatever reason, this threat remains on the OWASP Top Ten Project. Developers, managers, testers, and pretty much everyone across the globe must wake up and deal with this threat. If you do not, then you may find yourself dealing with a breach in security from Havij or other similar products that carry out SQL Injection attacks. Havij is simple to use and is 100% GUI based and … Continue reading

Free Security Magazines, White Papers, and Downloads Of October 2012


Takes One to Know One: Think Like a Hacker for Better Security Awareness

52% of businesses experienced more malware infections as a result of employees on social media. Security awareness is mostly about common sense, and thinking like the hackers to understand what security weaknesses they look for. But like other security precautions, it’s easy to let down your guard. Security awareness education can arm your staff with the skills to practice safe Internet usage – to reduce malware and other cyber threats. In this paper, find out:

- Best ways to deliver a security awareness program
- What you should teach … Continue reading

Damaging Corporate Computer Crime


One of the countless cyber threats to corporations today is organized crime. The reality is organized crime no longer marches into a business and demands so-called “protection money” or executes a “smash and grab”; rather, these groups are sophisticated and leverage technology heavily for criminal activities. Also, it is important to note that when you consider this type of threat, you must also understand that it could possibly include the insider threat. I am always amazed when I speak with others about security who do not fully comprehend threats from “trusted” sources, which include employees that more often than … Continue reading