D90 Tools & Techniques

Embedding Fonts in Word

Matt — Fri, 26 Nov 2010 19:45:30 +0000

http://word.tips.net/Pages/T001611_Embedding_Fonts_In_a_Document.html

http://www.howtogeek.com/howto/microsoft-office/embed-true-type-fonts-in-word-and-powerpoint-2007-documents/

Custom 404 for Apache (using PHP!)

Matt — Thu, 04 Nov 2010 23:03:44 +0000

Images, css, js just get a simple 404 Not Found page.

Everything not in the list of items we’re checking get redirected to the homepage. So a simple typo will get the redirect, but a missing PNG file that’s called by one of our pages won’t send a copy of the homepage to the client telling it it is an image file!

/* This is a custom 404 handler.


It does makes a decision -- if it's a small, auxiliary file like an image, code sheet, etc

that is being requested and not found then we'll send a standard Apache 404 page.
However, anything that looks like a website request (i.e. everything NOT in the list)

will be given a 301 redirect to our homepage.
Invoke by:

ErrorDocument 404 /404.php
4 November 2010

Matt Kivela

*/
/* Currently set to filter:

   aspx

   asp

   cgi

   css

   gif

   ico

   jpg

   ogg

   png

*/
if (preg_match('/\.[Aa][Ss][Hh][Xx]|[Aa][Ss][Pp]|[Cc][Gg][Ii]|[Cc][Ss][Ss]|[Gg][Ii][Ff]|[Ii][Cc][Oo]|[Jj][Pp][Gg]|[Jj][Ss]|[Oo][Gg][Gg]|[Pp][Nn][Gg]$/', $_SERVER[REQUEST_URI], $foo))

  {

     echo Header("HTTP/1.1 404 Not Found");

     echo Header("Status: 404 Not Found");

     echo "404 Error:
File: http://$_SERVER[SERVER_NAME]$_SERVER[REQUEST_URI] not found.
";

     echo "If this is causing a problem, you may contact admin@yourdomain.org or
";

     echo "submit a ticket at http://bugzilla.yourdomain.org/";

   }

else

  {

    $new_url = "http://$_SERVER[SERVER_NAME]/";

    echo Header( "HTTP/1.1 301 Moved Permanently" );

    echo Header( "Location: $new_url" );

  }

?>

~

Security for Educational Institutions

Matt — Fri, 15 Oct 2010 21:50:42 +0000

Couple good links for future reference:

http://www.cosn.org/Initiatives/CyberSecurity/CyberSecurityInformation/UnderstandingtheIssues/EightAssessmentQuestions/tabid/5258/Default.aspx

http://www.sans.org/reading_room/whitepapers/sysadmin/protecting-students-public-school-environment_1428

Links…

Matt — Tue, 23 Feb 2010 04:29:57 +0000

Legal stuff on Electronic Communications Privacy and Wiretap Acts:

http://www.internetlibrary.com/topics/electronic_cpa.cfm

Cell Phone Location

Matt — Sat, 13 Feb 2010 15:42:33 +0000

Fascinating — I didn’t know the difference between CDMA & GMS in how they locate phones, or the more sophisticated time based triangulation by T-Mobile:

The Federal Communications Commission’s “Enhanced 911″ (E911) requirements allowed rough estimates to be transformed into precise coordinates. Wireless carriers using CDMA networks, such as Verizon Wireless and Sprint Nextel, tend to use embedded GPS technology to fulfill E911 requirements. AT&T and T-Mobile comply with E911 regulations using network-based technology that computes a phone’s location using signal analysis and triangulation between towers.

T-Mobile, for instance, uses a GSM technology called Uplink Time Difference of Arrival, or U-TDOA, which calculates a position based on precisely how long it takes signals to reach towers. A company called TruePosition, which provides U-TDOA services to T-Mobile, boasts of “accuracy to under 50 meters” that’s available “for start-of-call, midcall, or when idle.”

Seven Principles for Security Systems

Matt — Fri, 12 Feb 2010 03:10:41 +0000

This is a very good report:

Understanding scam victims:
seven principles for systems security
Frank Stajano, Paul Wilson
August 2009

Archived here.

While reading the example scams in the article, it becomes clear much like corporate fraud they depend on collusion. A team pulling off a social hack is far stronger then a single person trying to do so.

1) While you are distracted by what retains your interest, hustlers can do anything to you and you won’t notice.

2) Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.

3) Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they’re all conspiring against you.

4) Anything illegal you do will be used against you by the fraudster, making it harder for you to seek help once you realize you’ve been had.

5) Things and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.

6) Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.

7) When you are under time pressure to make an important choice, you use a different decision strategy. Hustlers steer you towards a strategy involving less reasoning.

Atlantic article on Cyber Attacks

Matt — Fri, 12 Feb 2010 02:14:16 +0000

It is well-funded and pursued by mature individuals and groups of professionals with deep financial and technical resources, often with local government (or other countries’) toleration if not support. It is already responsible for billions of dollars a year in losses, and it is growing and becoming more capable. We have largely ignored it, and building our military capabilities is not responding to that threat.

James Fallow, Atlantic Magazine, February 2010

Rootkit Hunters

Matt — Wed, 10 Feb 2010 18:53:23 +0000

A few resources for finding rootkits:

Linux:
Rootkit Hunter
Chkrootkit

Windows:
RootkitRevealer

Some Sun Tzu quotes…

Matt — Fri, 05 Feb 2010 19:19:22 +0000

Good for Information Security:

All warfare is based on deception.

He who occupies the field of battle first and awaits his enemy is at ease, he who rushes into the fight is weary.

A speedy victory is the main object in war. If this is long in coming, weapons are blunted and
morale depressed.

Generally, management of a large force is the same as management of a few men. It is a matter
of organization.

(The above taken from here.)

Measure, assess, calculate, compare:

The ground gives rise to measurements, measurements give rise to assessments, assessments give rise to calculations, calculations give rise to comparisons, comparisons give rise to victories.

Way: your corporate culture

Weather: periodic changes in outside forces and moods

Terrain: cooperative, competitive, and antagonistic landscapes

Leadership: organizational leadership

Discipline: organization’s willingness to follow direction

(Above paraphrased from this source.)

Nice explanation of Solid State Drives:

Matt — Thu, 04 Feb 2010 03:04:56 +0000

Everything you ever wanted to know about how SSD works