

Showing posts from May, 2009

US Cyber Security Report and Press Conference

As many of you have heard, President Obama has announced the release of the 60-day report and the appointment of a cyber-security czar to provide White House oversight for the initiatives related to the recommendations. Here are quick links to the PDF report, and to a video and video part-2 of Obama's press conference with the highlights.

Java Vulnerability within Fully Patched OSX - POC

Here is an excellent POC of javascript which exploits an unpatched vulnerability within any browser (Firefox on mine). Beware of testing this link, though, as it attempted to change firewall settings when I visited. Yet another reason to use a filter like NoScript in the browser! Here is an excellent explanation of what is going on with this one. Thanks guys!

OpenSolaris, ZFS, iSCSI and OSX - Creative Storage - Part II

In part I of this post, I looked at the simple steps required to set up a relatively simple storage solution using OpenSolaris, ZFS, iSCSI and OSX. This was about a month ago, and I've made some significant changes to how I use it. At the end of the last post I left off on the part dealing with configuration of the iSCSI initiator side of the solution. I stopped here because there were some issues related to the installation and use of the software. The iSCSI initiator that I was using was Studio Network Solutions GlobalSAN initiator (version which is used to allow for connections to their products. This software will also allow for connections to ANY iSCSI target! After the configuration of the iSCSI target on the ZFS pool, and installation of the client, it was trivial to get the connection established with the storage pool, and it showed up in OSX as a raw disk which had not been formatted. I proceeded to format the disk as HFS+ and it then mounted as a lo

PCI Compliance - IT or Legal Issue - New Paper

In a recent ISSA-published article, David Navetta has shared some excellent insight on the scope of PCI Compliance and some of the true risks to managing and delivering on its requirements. You can find the paper here.