Thursday, December 11, 2008

A Microsoft Xmas

Ho! Ho! Ho! Fool!

It's been a banner month at the ol' Bill Gates household. Santa has snuck down the virtual chimney, and put all kinds of unwanted presents under our Christmas tree of security! Despite the downturn in the economy, this is the BEST Christmas in five years! Microsoft offers up patches for 28 security vulnerabilities (23 of them are critical), for all the good little girls and boys!! Get out there and update your PC systems soon! Even us Mac users are lucky enough to have security updates for Microsoft Office. Read the Microsoft Security Bulletin, here.

We've got Windows and Office and IE and ActiveX... it reads like Santa's list of reindeer! Wow!

Merry Christmas to all, and to all a good night!

[Read the article.]

Tuesday, November 25, 2008

Featured on "Application Security Mythbusters" Podcast

My podcast interview with Mandeep Khera at Cenzic is now online. This was from a series of interviews Mandeep had with security professionals at the Black Hat 2008 conference, in Las Vegas, Nevada this summer. He asked me what my concerns were when it came to application security. I gave him a piece of my mind.

[Visit the Cenzic site for "Application Security Mythbusters" and hear the podcast!]

November Ending

Well, the month of November has whizzed by! This last week I've been preoccupied with an emergency migration off our legacy server (in a friend's sock drawer in Virginia) to It was fairly smooth, once I got all the files transferred. Out of the couple of GB of data, there were about 60,000 files it appears. It took a few days of checking and editing to find and fix all the broken links due to the case-sensitivity of Linux. Now that it's done, I feel that these twenty sites are a lot faster and I can rest assured that the site will always be accessible and live. (** The nTelos DSL option was cost-effective for the past decade, but week-long outages and recovering from hard drive crashes have been just too time-consuming, so it is very nice to now have business-class hosting/email services for $12.95/month!)

Now that the websites are running, I realize I haven't blogged in a while, so I will try to catch up on writing along with scanning in photos from 1992-2006 photo albums. I am currently trying to get a "Tour of Santa Fe" posted, and I will work through the various "travelogue" sets from, and my favorite photo sets (Outer Banks trip, RSA Conferences, etc.) Getting all my pictures uploaded and ordered will take time, but it will be very nice to have hi-resolution, edited and tagged photos online. It is pretty easy to keep up with new (digital) photos, but editing old, fuzz-covered photos from my younger, wilder days can be VERY time consuming. If you visit my Flickr, you will see quite a diverse range of pictures. Eventually I will back-date them to the correct chronological order and maybe create another account just to showcase my favorites.

On the security front, I have confirmation from Google for the RSA Conference panel, but I am waiting to hear back from another vendor. I should contact him today!

My IEEE meetings went well this month. We had a turnout of over 120 for the Joe Nickell presentation on November 8th. It was a great outreach to the community on critical thinking. We had a computer society meeting with the student branch on November 20th, and had about 25 people attend the talk on Ad-Hoc Sensor Networks. We just need two more signatures before our local Computer Society chapter is officially recognized! We have an upcoming holiday event in a couple of weeks, which should be fun, but we have to decide exactly WHAT it will be in the next day. I might make it to Chicago one or two times in December for holiday events with the ISSA and CSO Dinner group I belong to.

Time to get back to work! I'll try to add to this security blog more frequently!

Friday, November 14, 2008

Website Changes

I am in the process of migrating my domains to "". I am finally moving my server to the "cloud", and I've been pretty impressed so far. However... the ISP that our old server is on decided to make a DSL change over the weekend, so until next week all my old blogs and portions of some domains won't be accessible.

I am redirecting my NULL SESSION blog here, for a few days. If you want to know how things are going, or what I'm watching on TV, check me out on Twitter (nullsession).

Thursday, October 16, 2008

Security Goals for 2009

I was caught off-guard today by the announcement that the RSA Conference submission deadline is coming up in a week! I need to decide if I will submit any of the successful (interesting? timely?) projects I have worked on in the past year for consideration. I would love to present at the April 2009 conference in San Francisco. I was sick this past year, and kind of bounced around dosed up on Nyquil all week!

Besides this great conference, I was involved in the Black Hat 2008 conference in Las Vegas this past summer. It was good to serve on a panel for the executive briefings. So, if I can't get a paper submitted (my employer isn't always keen on discussing projects publicly), maybe I will be able to serve on a committee or panel. I was on the RSA Conference organizing committee this past year, and it was a great experience.

I finish my year as chairman of the IA-IL IEEE Section in January, and become past-chair. I still remain active in the Quad Cities Engineering and Science Council, and I am working on bringing in a speaker for the local Putnam Museum in November. I am also working on starting a "Computer Society" chapter for IEEE locally. If all works out, I will have a meeting in November at St. Ambrose University to kick that off!

For the coming year, I am serving as treasurer for the FBI Infragard board (Springfield Chapter). I am also the education chair for the IEEE for Region 4 (Midwest). I think these things will keep me pretty busy. I have enjoyed my involvement with IEEE the past several years, as a board member, and it was great to spend a week in Quebec City in September for our Sections Congress. In addition to computer security, it is a great opportunity to promote general science and engineering, and critical thinking skills with K-12 and all members of the local community.

That's my update. I will try to use this space as my "professional" blog, and keep it updated with events I am participating in, and my commentary on topics related to computer security.

Saturday, October 11, 2008

Too Much Coffee??

I bought some new coffee last week, and I'm on this kick at work of making a no-sugar, heavy on the cream, coffee (my own latte)... so, I did the same at home today. I found an old 52 ounce mug and filled it with ice and coffee... pretty quickly it was all gone. I now have a really wicked caffeine buzz going on. Wow!

Monday, September 29, 2008

Hello World!

Isn't this the typical way everyone starts off their blog?

"Hello, World!"

Yes, it's me. I've decided to secure the URL and also have a second place to blog, and yet another social link in the suffocating web of social links that surround us these days.

I've heard it's better to set these up yourself, and establish your identity, rather than to let someone pose as you! Well, posers, I'm here and I'm..... gonna post more later.