March 24, 2006

Why is MSN IM such a memory pig?

I had Task Manager up checking memory usage and noticed the msnmsgr.exe using roughly 55MB, which surprised me.



So, I terminated and restarted the process and it started up to 33MB!



It seems like this app should use a smaller footprint...

jk

March 22, 2006

Golf 2006 - can't wait

Yes, it's the worst time of the year in MN; cold enough to have some snow, but warm enough to start dreaming of getting back out on to the links!

TwinCitiesGolf.com is again posting the Golf Courses Open in Minnesota.

Fore!

jk

March 21, 2006

I want this!

Kingston Technology Company - Press Releases - Kingston Introduces Industry's First Fully Secure USB Drive Specifically Targeted for Enterprise Use

Nice :) 'nuff said

jk

Feds Again Score Low on IT Security

While looking through the 2005 U.S. government's security report card, it is concerning that ANY agency should get an F, much less agencies like these that are critical to the function of the country!!!

  • Department of Defense

  • Department of Homeland Security

  • Department of the Interior

  • Department of State



Oh, and kudos to the Treasury and Commerce departments on their D- and D+ grades respectively.

More information about scoring methodology and the hearing in general is available here.

Thanks Computerworld Security for catching my eye on this....

jk

March 16, 2006

Schneier on Security: Basketball Prank

Here's an excellent story that Mr. Bock found on Bruce Schneier's blog.

It gives a whole new meaning to "March Madness" :)

Social engineering is still quite effective, alive, and well!

cheers
jk

Qwest Voice Mail setting is unsecured

I've had Qwest voice mail for a number of years now (probably around 10). I've always had it set to ring 4 times before going over to voice mail; 4 is a pretty reasonable number of rings IMHO.

Recently, the phone would ring 2 times and then go to voice mail, making for numerous missed calls (some of which were telemarketers, so I didn't mind THAT much). Obviously, someone or some internal Qwest system changed that value from 4 to 2 for me as I didn't even know how to change it.

I finally got tired of sprinting to the telephone to pick it up before 2 rings, so I searched Qwest for the answer on how to change this voice mail setting and came up with the answer.

So, I called 800-669-7676 per the instructions, entered in only my telephone number and chose the number of rings (2-8 is allowed). Reread the last sentence. Notice how I did NOT need to type in my account password, last 4 digits of my social or use my account code (as found on my monthly statement).

Just to be sure I didn't 'miss' something, I tried again and again was able to change my voice mail settings w/o providing any real authentication credentials.

THE SYSTEM ALLOWS ANYONE TO CHANGE ANYONE ELSE'S VOICE MAIL SETTINGS!!!!!!!!!!!!

From a privacy/security standpoint, this annoyed me, so I called 800-669-7676 again, punched the zero key a whole bunch of times so I could actually talk to someone, and asked about this. The response I received is that since the number of rings for voice mail is a low priority thing, that "it is unnecessary" to secure it. I asked if the changes were logged (because I wanted to find out when my account got changed from 4 to 2 rings) but that information was unavailable. Ok, I grant you the value of the asset in question here (# of rings) is low, but it is just the premise here that is troubling:

1) Why can someone change my account settings w/o my authorization?
and
2) What other systems does Qwest have that allow similar changes?

One of my friends suggested how easy it would be to build a war dialer and randomly change people's voice mail rings daily. As I found out, 2 rings is akin to a mini-DoS attack!

So, I'm hoping that if this information becomes public, it will cause a change at Qwest, and hopefully not spawn an epidemic of random voice mail ringer changes!

jk
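
The gap described in this post, as an added sketch (not Qwest's code, and not from the original post): a settings handler that trusts the typed-in number next to one that checks a PIN, limits guesses, and logs every attempt so "when did it change?" has an answer. The class name, PIN scheme, lockout threshold and 555 phone numbers are all assumptions made up for illustration.

```python
import hashlib, hmac, os, time

MIN_RINGS, MAX_RINGS = 2, 8      # range the post says the system accepts
MAX_FAILURES = 3                 # assumed lockout threshold

def _hash_pin(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class VoicemailAccounts:         # hypothetical service, for illustration only
    def __init__(self):
        self.accounts = {}       # number -> rings, salt, pin hash, failures
        self.audit = []          # append-only record of every attempt

    def enroll(self, number, pin, rings=4):
        salt = os.urandom(16)
        self.accounts[number] = {"rings": rings, "salt": salt,
                                 "pin": _hash_pin(pin, salt), "failures": 0}

    def set_rings_weak(self, claimed_number, rings):
        # Behaviour the post describes: the typed-in number is the only
        # identifier, and nothing is recorded.
        self.accounts[claimed_number]["rings"] = rings
        return True

    def set_rings(self, number, pin, rings, caller_id):
        acct = self.accounts.get(number)
        old = acct["rings"] if acct else None
        if acct is None or acct["failures"] >= MAX_FAILURES:
            outcome = "denied"
        elif not hmac.compare_digest(_hash_pin(pin, acct["salt"]), acct["pin"]):
            acct["failures"] += 1
            outcome = "bad_pin"
        elif not MIN_RINGS <= rings <= MAX_RINGS:
            outcome = "bad_value"
        else:
            acct["failures"] = 0
            acct["rings"] = rings
            outcome = "changed"
        # Failed attempts are logged too, along with the calling line.
        self.audit.append({"ts": time.time(), "number": number,
                           "caller_id": caller_id, "old": old,
                           "new": rings, "outcome": outcome})
        return outcome == "changed"

    def history(self, number):
        # Answers the question support could not: when did it change?
        return [e for e in self.audit if e["number"] == number]
```

Even for a low-value setting like ring count, the audit entries are what let support say when a value moved from 4 to 2 and from which line.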

March 14, 2006

Free CDs highlight security weaknesses - Computerworld

Even a low tech scam like this was 75% effective! "While the front of the CD contained a written warning to users to check their company's internal security guidelines before running the CD, as many as 75 of the 100 CDs were played."

People are still the weakest link in security: "The experiment underscores what experts say is the weakest point for IT security: people. While many companies have policies and make their employees sign legally binding documents with rules of use for company computers, it's doubtful users get specific training on why those rules are in place, Chapman said."

Forewarned is forearmed I guess...

BTW, if people are giving out free Milli Vanilli CDs, that is also a dead giveaway that it contains 'very bad things' :)

cheers
jk

March 06, 2006

Google makes a funny

For googles (I mean giggles) I Googled for the word maps. My assumption was Google Maps would come up as the first search result; apparently my assumption was incorrect...LOL

cheers and happy mapping
jk