Security

IIS Server Headers – Clickjacking – X-Frame-Options

Configure IIS to use – X-Frame-Options I recently had a request to update a server to correct a few audit findings.  One finding was related to “clickjacking” (More info from Wikipedia and OWASP) Clickjacking is a process where a malicious link is injected on the page that takes you to what you would think is a normal page but is hijacking …

Read more

Bolt CMS – Great Simple CMS engine – Review

Bolt CMS Discovery I recently had a need to setup a site with a content management system. In the past I would just use WordPress. However, recently it seems that WordPress has become more overhead than needed. Don’t get me wrong I love WordPress, and all the features it provides like woocommerce, SEO, and every other plugin. In this particular case …

Read more

Magento Patch 7405 – Broken Image and Image Upload

Magento

Magento Images Broken after Upload I recently updated a few sites using Magento with the new security patch 7405 (note that link is for the patch info – not a download – more on that later). After the update any images uploaded or added resulted in a broken image link. I was able to troubleshoot and while looking on the server, …

Read more

Dynamic DNS – Dyndns alternatives

Dynamic DNS for Custom Domains I have been using dynamic dns for many years.  My preferred provider was always dyndns.org.  In early 2014 Dyndns (or Dyn.com) stopped offering a free Dynamic Dns solution.  You can read about their decision to stop providing this service (here).  NOTE:  I don’t disagree with their decision, at one point I even used Dyndns as a …

Read more

Magento Patch – SUPEE-5994 – PEAR Error

Magento

There have been a series of Security issues recently.   The major systems that power the web Magento and WordPress have had critical vulnerabilities (wordpress) (magento).  I won’t go into the details of both, but the important part is that you need to patch your systems. In particular Magento had 3 patches that need to be added to your system.  One …

Read more

Secure Home Network for Kids – Safe Browsing

Secure Your Network for Kids I have 4 children and often have family over to our home.  At any given time there are around 30 plus devices on our network.  My wife and I have talked to our children about safe usage of the web but I am just as concerned of malicious websites and adware as I am of my …

Read more

iPfire vs PFsense – Firewall Review

I have posted in the past about all the great things you can do with DDWRT or with PFsense.   After a few years with PFsense I have changed to iPfire.  If you have not heard of iPfire I would suggest reading about this awesome firewall platform.  The main focus of iPfire is for Security.  This is my simple review of the two systems …

Read more

iPfire – ClamAV and Customization

I have been very happy with my current Firewall setup of iPfire (ipfire.org).  The system has done a great job of performance and security.  I use many features from Squid, Snort, openVpn, and others.  I even tried the TOR proxy routing. This weekend with lots of family over for Thanks Giving it was great to watch the proxy reports and see …

Read more

ShellShock – How to test your system

In the past few weeks the number of security incidents in the news has increased.  Home depot, Jimmy John’s and also Shellshock.  From credit card theft via malware to online security vulnerabilities you need to keep on guard. This most recent ShellShock vulnerability is going to be big.  Since a very large portion of the web is using Linux or some …

Read more

Minimal Footprint online – No Google

I attempted a while back to see if I could limit my exposure on the web.   Looking at all the security concerns and even my own security fun I decided to see what i could limit. First Steps The first place I looked was to stop all the online leakage and “free info” I was sharing while browsing.  You know …

Read more

What are you reading?

I read a few blogs but recently have been so busy at work have not really kept up with any technical blogs or news. I find that HackerNews keeps me up-to-date as much as possible.   If you don’t subscribe to the newsletter I would recommend it – go here to signup for hacker news If I don’t want to wait …

Read more

VPN – Why you should use one

It is summer time and people are traveling for vacation.    Heading to hotels, campgrounds, parks, and friends.   If your like my family you have many devices you take with you; tablets, smart phones, laptops, and all kinds of wifi devices.     As people travel they see free public wifi for use.  Please understand that these networks are not …

Read more

Google using your name and picture in ads – How to Opt Out

Google Endorsements Google has recently made a policy change.  You may have seen a notification in your gmail or Plus page.  I basically just clicked on the “x” or said OK with out thinking about it.  I am sure many other prople are like me and don’t take much time to read any policy changes.  However, recently many news sites started …

Read more

Fun Computer Tricks (Possible Inappropriate tricks)

I read a great blog by Troy Hunt frequently.  He is an architect and MVP over at Microsoft, he typically talks about security.   He recently sent out a quick tweet regarding locking your computer.  After the tweet regarding what to do when someone does not lock their screen. http://www.troyhunt.com/2013/10/40-inappropriate-actions-to-take.html I love some of the options.  One favorite was to set …

Read more

iPad VPN – OpenVPN – PFsense

I have been waiting for a while for a good openvpn client to be available for the iPad or iPhone with out JailBreaking. A few months back openvpn released an app for the iPad and iPhone. https://itunes.apple.com/us/app/openvpn-connect/id590379981 Head on over and download if you are a pfsense user. I recommend anyone who is using public / unsecured wifi to use VPN. …

Read more