Exploring Computer Security

How to Avoid Online Money Making Scams

If you have ever wanted to make money online and searched the internet for such opportunities, you have probably noticed a grand assortment of embellished programs offering you the world. If you’ve opted in to any newsletters, your email has probably been sold and now you also receive spam emails soliciting more money making opportunities. Receiving scam propaganda is hard to avoid. Of course, they all require you to send someone money. The most dangerous are the Nigerian email scams trying to get you to be a middleman for some millions of dollars tied up overseas.

So, how do you filter out and avoid the online money making scams vs real online opportunities? I recommend checking out MoneyStance takes a different approach to online money making opportunity reviews. An editor will find an opportunity and create a page that will host member and anonymous visitor reviews, independent reviews from offsite bloggers, and editorial reviews. All reviews begin with the “Claim” portion of a product or program. The initial paragraph is a paraphrasing of an opportunity’s sales pitch and is followed by a few quick facts about the program, a related video or trailer, sometimes an example of implementation, the editorial review, the independent reviews, a link to the official site, the user reviews, and a link to the internal discussion forum for further evaluation. With such a vast amount of consolidated information, you will certainly be able to avoid the scams and identify the best online money making opportunity.

DISA Conference 2009 Review

DISA Conference 2009 Review

I recently attended the DISA partnership conference held in Anaheim California. This year the event was a bit scaled back from previous years, but still a worthwhile attendance. My sincere thanks to LT General Carroll Pollett for hosting the conference and his great leadership of the Defense Information Systems Agency.

If you have a chance to go to next year’s event, it is well worth it. The mornings are filled with excellent high level and motivational speakers, such as the CEO of Verizon, CTO of, CIO of Boeing, and the CIO of Fedex. The afternoons are packed with roughly 15 – 20 tracks per hour that focus on a number of more technical aspects of information security. The evenings hold networking opportunities and leading market vendor exhibits complimented with food and drinks.

I personally took more away from the leadership and business driven presentations during the mornings. Technical skills can be taught, but great leadership and business sense needs to be absorbed from the best of us. The exhibitors were great as well. I was able to explore first hand some products that my company would be interested in and (if you have kids) take home many gizmos, gadgets, and other free giveaways.

Overall I give it a 8.5 out of 10.

Infragard CISSP Training Online

The NY Metro Chapter is offering a one free day of CISSP training via the web on March 16th. This is an all day session from 8:30am to 6:30pm.

The topics for this day’s training are “Information Security and Risk Management” and “Access Control.”

NY Metro InfraGard – Web Event

3/16 – first day of CISSP Training – FREE
3/17 – 3/20 – pay for course

Visit for details and full agenda on this web event.

It’s not too late to sign up for either the online or in place at Pace University. CISSP Training is done in collaboration with IP3.

Unsuccessful Login Limits for Solaris

Lock a Solaris User Account after a number of failed login attempts

The following is a simple series of steps to configure an unsuccessful login limit in Solaris without the use of the PAM module. Account lockouts are an adequate measure to combat “brute force” attacks wherein unauthorized access is gained by attempting all possible passwords.

1) edit /etc/default/login and find the line RETRIES (probably commented out). Uncomment RETRIES and make sure it is equal to the maximum number of attempts required by policy (i.e. 5).

2) Then edit /etc/security/policy.conf Go to the end of the file, uncomment LOCK_AFTER_RETRIES, and change the setting to yes – LOCK_AFTER_RETRIES=YES

3) make sure /etc/user_attr has root with no lockout:

more /etc/user_attr
# Copyright (c) 2003 by Sun Microsystems, Inc. All rights reserved.
# /etc/user_attr
# user attributes. see user_attr(4)
#pragma ident “@(#)user_attr 1.1 03/07/09 SMI”
adm::::profiles=Log Management
lp::::profiles=Printer Management
root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no

When someone locks their account, your will see *LK* at the beginning of their password hash in /etc/shadow. To unlock the account just type: passwd -u /locked_user. If you want to check the current failed login attempts for a user it will be the last number on the user’s entry in /etc/shadow.

Passing the CISSP

How I passed the CISSP exam

I apologize for the lapse in posts as of late. Work has me tasked with two positions and training a new hire to fill a vacancy. In addition, I have been studying for the CISSP exam. Hence, the recent posts of CISSP Study Sheets and lack of free time to post about other security events. I am glad to report that I have passed my first attempt at the CISSP exam with much less study time investment as many are touting required. Here are the CISSP study resources I used and how much I believe they helped me:

5% – Attended a CBK seminar – 1 week
15% – Question Drills from – 500 questions total
30% – CISSP All-in-One Exam Guide – 15 hours 500 questions
50% – Past Experience – NA

To be honest, my past experience in physical security, database administration, release engineering, application security, law enforcement, and computer forensics provided more answers than all of my studying combined. The trick was wrapping real work experiences with the terminology and framework of which ISC2 has determined security professionals should be consistent. I accomplished this simply by using the Shon Harris’ CISSP All-in-One Exam Guide’s references and tips sections. Reading the1000 page book is not necessary for those with basic understanding of concepts and reasonable problem solving skills. Just focus on the finer points, the terminology, and then use the CD provided to do question drills. If you’re scoring 80% or better on the practice exams, you are on track to pass.

I’ll continue posting the CISSP Study Sheets as I create them. It’s an ongoing effort for the folks in my organization (and you) who have yet to pass or after numerous attempts. On a related note, you may want to research some test taking techniques once your studies are complete. I believe this to be the struggle with some of my colleagues.

Free Virtual Training Environment

Need a free visual and audio Information Security learning experience?

I thought I’d bring to everyone’s attention an excellent and free computer security training tool for IT professionals. The Software Engineering Institute at Carnegie Mellon University hosts a Virtual Training Environment (VTE) with a number of free demos, labs, and lectures.

VTE is a revolutionary resource for information assurance, incident response and computer forensic training, with over 500 hours of material available. VTE blends the best of classroom instruction and self-paced online training, delivering training courses, anytime access to answers, and hands-on training labs all through a standard Web browser.

If you’re a sponsored DoD member, you will receive premium access to hands-on lab simulations. However, general public visitors still have a wealth of resources available to them through the VTE Public Library.


The public library offers demos and lectures in a variety of topics, such as forensics, cryptography, networking, and other subjects depicted in the screenshot above. The demonstrations are nice in that there usually is voice over narration that explains what the operator is doing and why. The lectures are hit and miss depending on the instructor. Some presenters are just terrible at public speaking and remind me of a high school speech class. Other’s are professionals in the field and provide valuable information. The lectures are usually accompanied by a powerpoint presentation, a transcript of the dialog, and a streaming video of the classroom in which it is being held. Below is an example of the lecture interface.


Overall, this site is a great training tool for those who learn better with visual and audio media. Visit the Virtual Training Environment for yourself and let me know your opinion.

CISSP Study Sheet Security Architecture and Design

Series: CISSP Study Sheet
Entry: Security Architecture and Design

The CISSP Study Sheet Series identifies the most important details regarding each individual domain within the Common Body of Knowledge. You will want to expand your preparation beyond these study sheets, such as my top 3 favorite CISSP study resources. The intent of this study sheet is to act as a last minute cram of the most significant principles, theories, formulas, and terms for each domain. I recommend reading the CISSP Study Sheets just before the test, and then doing a “brain dump” of notes for the first 15 minutes onto the paper issued with the CISSP exam. Hopefully, you will have remembered enough to have created an authorized cheat sheet. The third study sheet will focus on the Security Architecture and Design domain.

Security Architecture and Design Study Sheet

Information Security Management System (ISMS) – planning, creation, and maintenance of data and the processing of such information.
Information Security Architecture (ISA) – high level structuring of the business’s security requirements.

Trusted Computing Base – hardware, software, and firmware components of a network or system that addresses the aspects of security.
Reference Monitor – a theoretical machine that mediates subject’s access to objects.
Security Kernel – tamper proof mechanism that controls access to system resources by enforcing the rules of the reference monitor.
Security Perimeter – the imaginary boundary separating the components of the Trusted Computer Base and those elements outside it.

Common Architecture Language – addresses and ensures the communication and motivation of stakeholders.
Architecture Model – the beginning template in order to formulate an individual plan.
IT Infrastructure Library (ITIL) – aids the implementation of a framework through documents pertaining to service support, service delivery, security and application management, ICT infrastructure management, planning to implement service management and the business perspective.
Zachman Framework – deals with many components on a two dimensional level and gives a holistic view of the organizational architecture.
Control Objectives for Information and related Technology (COBIT) – an IT governance framework, functioning at an operational level, which manages the collaboration of control requirements, business risk, and technical issues.
Committee Of Sponsoring Organizations (COSO) – a corporate governance framework, functioning at the strategic level, to provide reasonable assurance of achieving the organization’s mission and evaluating the internal control systems.
The Open Group Architecture Framework (TOGAF) – modeled for businesses, applications, data, and technology to provide a wide ranging approach to the design, planning, implementation, and governance of enterprise architecture.
Department of Defense Architecture Framework (DoDAF) – consists of operational, technical, and overarching views for government architectures.

Centralized Architecture – a mainframe based environment with central control of security measures.
Distributed Architecture – modern client server based environment needing standardized interfaces and protocols.
Thin Client Architecture – limiting of functions on a workstation to a more hybrid distributed and centralized approach.

CPU – performs mathematical and logical functions, and controls the timing of executions.
Secondary Storage – consists of non-volatile media, such as a hard drive, backup tape, floppy, or CD-ROM.
Virtual Storage – paging and swapping operations of secondary storage needed to enlarge a bank of memory.
Deadlock – occurs when multiple processes attempt to access the same resource simultaneously.

Process Isolation – preserving the integrity of an object, preventing object interaction, and creating independent object states using such tactics as segmented memory addressing, time multiplexing of shared resources, naming distinctions, encapsulation of objects, and virtual mapping.
Layering – Adds modularity to the system by separating processes and allowing layer communication only through defined interfaces.
Ring Protection – controlling access through numbered ring segments for the OS Kernel, Input / Output, utilities, and user applications. Privileged processes running in a low numbered inner ring whilst the higher numbered rings have access to less system resources.

Dedicated Security Mode – only processes one level of information classification and is restricted to just the user(s) with the appropriate security clearance.
Closed System – proprietary to a vendor.

TOC/TOU – Time of check / Time of use asynchronous attack takes advantage of timing event dependencies.
Covert Channel – unintentional timing and storage avenues that transmit data in violation of the security policy.
Covert Timing – the modulating use of system resources to enable process to process communications.
Covert Storage – permits processes to write to storage and allows other processes to read it.
Maintenance Hook – a programmer’s backdoor into an application for maintenance purposes. Remove before production.

Trust – all the security mechanisms are functioning correctly to protect sensitive information.
Assurance – the level of confidence that the security implementations will provide adequately protections during foreseeable circumstances.

Security Model – used during the development of security policies, system engineering, and software implementation.
Information Flow Security Model – tracks data to indentify if sensitive information is being transmitted to unprotected areas. This addresses Covert Channels.
State Machine Model – an abstract math model where state variables represent the system state. For example, if a system starts in a secure state, it needs to fail securely also.
Lattice Model – a mathematically descriptive model that provides upper and lower bounds of authorized access.
Non-Interference Model – preventative controls that limit subjects from violating security policy and affecting each other when operating in different domains.
Bell-LaPadula – a confidentiality model that disallows reading up and writing down.
Biba – an integrity model that prevents unauthorized users from making modifications and disallows reading down and writing up.
Clark-Wilson – an integrity model that uses access triple and limits rights to objects via applications.

Orange Book (TCSEC) – the Trusted Computer System Evaluation Criteria was maintained by the U.S. Department of Defense and is an older means to evaluate the security functions supporting confidentiality.
ITSEC – the Information Technology Security Evaluation Criteria is an international evaluation tool that separates assurance and functionality ratings (EF).
Common Criteria – Created from the fundamentals of TCSEC and ITSEC, the Common Criteria is an international standard, or ISO 15408, and is the latest means of evaluating system security.
Evaluation Assurance Level (EAL) – a measurement of 1-7 identifying and verifying the security functions that address confidentiality, integrity, and availability.

Certification – validation that the technical and non technical controls on a system are suitable for the operational environment.
Accreditation – management’s formal acceptance of the certification and approval of the system to operate in a specific environment.

More CISSP Study Sheets and other CISSP resources.

Funniest Computer Security Story Contest

Win a Magazine Subscription of choice with the most humorous Information Security Story Contest

Funny Story Contest

I thought it would be entertaining to host a contest for the funniest most humorous computer security story. I know they exist. Not only do I deal with the day to day stuff, I’ve participated in a collaborative experiment with Foundstone to test companywide user security awareness. The scenarios that resulted were quite humorous and probably trumped my favorite experience during normal daily activities. Here is how the contest will work.

Contest Requirements

Submit your story to bouch at secureputer dot com
It should be 100+ words
Related to IT and primarily Security
Not made up or stolen from another source (honor system)
You can submit more than one story. I know I have many.
and of course so funny I’ll fall off my chair

Contest Rewards

1 Year Magazine Subscription of your choice. If notified that you are the winner, I will provide instructions via email on how to claim your prize.

Contest Results

On November 15th 2008 I’ll post the submissions and a poll for you to vote on your favorites. On Christmas Eve 2008 (December 24th 2008), the poll will end and the winner will receive a Holiday gift of a free 1 year subscription to a magazine of choice.

I’ll include a couple of my own tales, but will exclude them from being voted for. I wish everyone the best of luck and I hope to host quite a few contests in the coming years. I enjoy hosting contests and have no problem funding prizes for participants of

911 Remembered

Take a Moment to Remember the Fallen

Free AntiVirus

My heart goes out to all the families that lost loved ones 7 years ago on that most tragic day. I salute the men and woman who stepped up to fight the terrorist threat head on. To the soldiers wounded and killed in the battles that followed, you are in my prayers. A moment of silence for you all


Support the Serving

To the military men and woman still fighting this terrible war, take care of yourselves and be safe. My former unit, in which I served in Operation Enduring Freedom, is currently deployed to Iraq and is training the Iraqi police departments. You are doing a great service. We need them to take care of their own so that U.S. Troops can come home. I hope all is going well for the 344th and I promise to send another care package full of beef jerky and sunflower seeds soon. If you didn’t know, those two foods are the most sought after items in a care package.

In addition, any donations receives this month will go directly toward the creation of more care packages. If you are so generous, the donation button is in the bottom of the sidebar.

Barbary Pirates Evolve Into Modern Day Hackers

I recently attended an Infragard meeting that featured an interesting lecture titled “Freedom of the Cyber Seas” given by Aaron Turner.

The article presented an interesting comparative analogy of the historic Pirates of the Barbary States and nowadays hackers. The thesis revolves around the measures taken by the United States to defend itself from pirates in the early days of independence and international trade. Aaron compares the Tripoli, Morocco, Tunis and Algiers sponsored Barbary pirates to paid hacker coalitions. Much like ancient pirate fleets, hacker groups are being hired by nations to attack other nations, such as the Russia Georgia incident. These hackers could be considered internet mercenaries or modern day pirates.

The article also parallels the extortion demanding pirates with modern day computer security protections. If the pirates didn’t exist, no tribute would need to have been paid for safe travels. If malicious hackers didn’t exist, there would be no need to spend a fortune on security products for safe internet travels. Aaron preaches drastic measures, such as Jefferson’s philosophy “Millions for defense, not one cent for tribute”, is needed to properly defend the United States in the new “sea”, the world wide web.

  • egypt ebony star vs black dick
  • unique sexy girl xtasia
  • growth spurts in teen girls
  • boobs of bollywood actresses pics
  • swollen pregnant tits gallery
  • free muscle women splits videos
  • free virgan lesbians
  • galleries mature pumps
  • pictures of german black forest people
  • teen girls caught sex
  • is oral sex banne inislam
  • Ebony nude sex
  • truck driver sex movies
  • lesbian sagging breasts
  • ebony teen boys masterbating
  • candy ebony star
  • girls bravo hentai pics
  • naked boys and galleries
  • playboy erotic movie list
  • rough asian
  • pussy and butthole close up
  • naked amateur hd videos
  • teen age girls creaming
  • msn webcam amateur teen
  • real couples pictures
  • black pontiac g gxp pictures
  • free arab teen movies
  • ass anal bdsm torture
  • milky tits movies
  • Hot coed sex
  • amateur squirting water sport videos
  • ass object penetration video
  • black girl xxx gallery
  • man woman sex video
  • free xxx amateur video busty
  • girl friends tits
  • boobs with large nipples galleries
  • girl puts eel in ass
  • free asian orgy movies
  • free amateur video register credit
  • Girl striped naked
  • Sara jay sex movie
  • pictures of mature women in girdles
  • tachycardia in teenage girls
  • jenna fischer butt pics
  • young girl sexy asian naked
  • maked teenage girls
  • free girl uses butplug video
  • amateur sex amateur amateurs
  • Kelly brooke nude videos
  • Young sex tape
  • girl ride bike to orgasm video
  • sexy and young korean boys
  • real female orgasm video free
  • Example scripts for teens
  • wife playing with pussy
  • young boys first anal sex
  • swingers wife pat
  • naked girl from titanic
  • free nude young asain schoolgirl photos
  • fat tits anal
  • Mallu sex image
  • free mature foot videos
  • Hot blonde huge tits
  • lesbians suckling tits
  • sex therapy erotic stories
  • ex girlfriend gang bang slutload
  • japanese teen anal insertion
  • mmf bi sex anal strap on
  • naked pictures of tila tequlia
  • anal schoolgirl uniform
  • naked sexy cartoons
  • little girl scout sex stories
  • naked family on tube
  • Teen solo gals
  • babes video having sex
  • tranny and lesbian
  • xxx pregnant black women pics
  • celeb vids
  • free black cocks
  • peeing closeup gallery
  • very young teen pics archives
  • white skined girl sex
  • busty blonde black cock
  • women banging popsicles free video
  • sexy emo and fuck
  • star teen video
  • amateur teen parties
  • locker room girl
  • anal sex girls dubai
  • hardcore big cock anal
  • ebony gymnast gallery
  • britney spears fingering herself video
  • xxxx hardcore small dick cuckold sissy
  • sexy coworker amateur video
  • youngest teens licking pussy pics
  • sexy legs tasty pussy
  • sexy ring girls
  • adult sex lesbian
  • free soft lesbian sex movies
  • mature asian lesbian fucks girl
  • girls with shaved and pierced pussys
  • younge girl sex free video
  • classic threesome
  • xxx desert
  • hiruste black men sex
  • free sleeping streaming videos
  • vollyball girl ass
  • teen anal invision
  • free star facial movies
  • erotic teen massage videos
  • Lovely ladies naked
  • young old fuck video movie
  • litle teen sex pics
  • throat blowjob movie
  • Girls licking other girls vaginas
  • beauiful black girls
  • amber lynn free fuck video
  • amature naked housewifes
  • massive teen pussy lips
  • girl beach mexico fuck
  • big wet black tits
  • husbands watching wife have sex
  • asian pussy fucking blacks
  • Cumming in her pussy
  • black power olmpics
  • drunk halloween girls flashing
  • stocking girl pics
  • hot sex craved babes
  • free wife swingers illinois
  • video s of chicks getting fucked
  • chubby fuck vids
  • huge boobs ida beatrice video
  • butt fly pics
  • japanese straeming
  • like sex movies
  • buckcherry crazy bitch unedited music video
  • ebony black pics cocks hunks
  • housewives new jersey sex tape
  • free video oral group
  • webcam girls on msn
  • Mom teaches teen daughter
  • xxx cartoon egg laying girl
  • womens opinion of anal sex
  • small petite clothing alogs for women
  • turis amateur
  • young video models
  • mature big hairy pussy online
  • blowjob training movies
  • hypnotized japan girls
  • free hardcore ging videos
  • butt plug galleries
  • spider in my pussy
  • jasmine black interacial anal
  • free hot oily sex videos
  • Brazil hard sex
  • big nipples flash video
  • sexy sluts young
  • Itchy inflamed vagina
  • ebony girls pumping white cocks
  • tight sex videos
  • hailey young anal
  • japanese teen underwear models
  • free hentai shemale videos
  • xxx asian hardcore videos
  • you college threesome
  • Girls ass smell
  • beautiful tits erect cock video
  • asian black tights
  • mom sister girlfriend archive daily
  • and girls naked
  • free hot wife rio pics
  • teen pussy tits amatuer
  • hardcore adult movies for sale
  • wactch me fuck my girlfriend
  • Sexy naked latino
  • eva angelina group sex
  • humor n sex busty teen latina
  • leslie townsend videos
  • chaps anal girl
  • erotic guide met art
  • mature woman teaching video
  • sex femaleejaculation info video
  • Site ensenando tanga ass teen
  • non nude young model videos
  • hot guys sucking pussy
  • two girls suck pov
  • Hot girl with big boobs
  • nice japanese girls bj
  • Lesbian sisters videos
  • slutload little girls pussy
  • most controversial young teen model
  • free pussy lick photos
  • videos behind the wall
  • amateur x vids
  • free big ass girl picures
  • Hot girls on poles
  • nude free teen gallery
  • boobs at a party
  • young lil petit girls
  • pussy licking in park
  • melissa camel style fuck video
  • measuring boobs movies
  • black beauty sex link chicken
  • hot busty shaved milf pussy
  • Actress sex images
  • lesbian sex messages
  • rubber gloves fetish handjob sex girls
  • Cute girl movies
  • young boy lick pussy
  • noy another teen movie
  • free xxx rough threesome
  • Hot strip tease girls
  • first teen sex galleries
  • fingering techniques for lesbians
  • Edward scissorhands sex scene
  • sexy halloween girls
  • ebony xxx free pics
  • sexy babes without clothes
  • indian movie free download
  • nylons amateur home video sex
  • Sex toy xxx
  • hardcore moaning videos free
  • yong teen lesbians
  • life style pics girls
  • sexy wife swapping first time vids
  • Black lesbians scissoring
  • yotsuba koiwai girl
  • Nude hollywood sex videos
  • innocent young girl galleries
  • couples hot amateur sex
  • free red hot girls
  • twilight dose edwerd fuck bella
  • Angelia jolie sex scene
  • movie makers in ohio
  • teens and sexual stuff
  • innocent virgin young teen sex videos
  • black blowjob search engines
  • teenie xxx
  • Kasumi nude pics
  • ebony sex thumbs
  • teen toplist sex
  • office sex fuck
  • free big pussy thumb
  • phat azz huge black dick megaupload
  • ancient asian granny video
  • kelly madison fuck video
  • huge black girls galleries
  • asian schoolgirl fucked
  • free skinny hardcore movies
  • world glamours babes
  • young puffy puffie tits
  • free star xxx pic
  • next door nikki webcam nipples
  • sex in the shower videos
  • clit lick teen
  • alpha video
  • sex in diapers video
  • ass cum video
  • Hot ladies ass
  • ass pics of girls
  • high school girls butt pics
  • Girls going wild naked
  • free sex pics youngest
  • dy sex with daughter video
  • teen titans gallery
  • free deep throat girl
  • naked girls in summer
  • fat mature sex models
  • girl with large facial tumor
  • black college girl sex
  • old wives tales of babys sex
  • girl ass wet
  • retro vintage shemale crossdressing pics
  • Madonna movie sex scene
  • drunkest women fuck videos
  • pictures of neil young at olympics
  • pussy org viedo
  • pussy breasts cunt video
  • tiny teenie teen asian
  • petite girl pounds
  • amateur couple you
  • wife sex stories extreme
  • Types of breasts pictures
  • pale her tight ass movie
  • sexy mature dresses
  • free amatuer interracial gallery
  • young japanese double anal
  • stripper pussy squirt