Information Assurance – James Harper's Thoughts

Browser Add-ons — Read Terms and Conditions

Posted on January 14, 2019 by admin

I found this wonderful sounding add-on to Chrome this morning. It lets you select one or more Gmail emails to convert to PDF. Then, you can download the PDF or put it on Google Drive. I was quite excited and downloaded the add-on.

When I installed it, I learned that I have to create a CloudHQ account and give CloudHQ permissions to have read-only access to my emails.

No. Just no.

Always read Terms and Conditions when installing anything on your computer. The more companies that have access to your information, the more likely you will become a victim to a data breach and identity theft.

https://blog.cloudhq.net/save-as-pdf/

Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012

Posted on January 2, 2019 by admin

This is a good link to describe DFARS 252.204-7012, which is the set of security requirements that all DoD contracts must follow:

https://business.defense.gov/Small-Business/Cybersecurity/

Avoid Reusing Passwords

Posted on December 4, 2018 by admin

Do you use the same password on multiple websites?

If so, it is possible that hackers can download a list of email addresses and associated passwords with your information. Are you on a list like this?

This is the reason that everyone should use strong passwords along with a password management program like Keepass. Keepass helps you keep track of passwords so that it is easier to use unique ones for each website.

https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/

Google Knows…

Posted on November 16, 2018 by admin

If you have an Android phone, Google likely has a history of most of the places that you have been over the past 10 years. You can view that history by signing onto your Google account (via Gmail, etc.) and then going to:

https://myactivity.google.com/more-activity

Under location history, click “View Timeline.” A map will appear with dots showing where you have been. Based on my map, it appears that the history may only include locations within the United States and Canada. And there are missing places. But, the accuracy of the information displayed is quite refined. For example, I can zoom into a location I visited on a business trip a few years ago and can tell the hotel I stayed at. I can tell when I arrived at the hotel for the evening and when I left for the airport the next morning.

This location tracking is turned on by default on Android devices. It can be turned off in theory. But, it is entirely possible that Google collects and retains this information anyway.

General Links

Posted on November 15, 2018April 7, 2019 by admin

WASC Threat Classification – A dictionary and description of various website attacks

Other

US Mobile Cell and Data Plans – Amazing prices if you know exactly what you need.

Fund and Grow – This company specializes in business finance through business credit cards. Interesting idea. I cannot recommend them one way or the other.

HourOfCode – Short programming oriented courses for kids – or kids at heart

3D Printed Gadgets for Woodworking

Tools

15 Tips On How to Use ‘Curl’ Command in Linux

Wi-Fi Networking Links

Posted on November 14, 2018February 22, 2019 by admin

TL-WR802N Router

Here is the official link to the TL-WR802N router that I purchased in November 2018. Note that this router comes with a highly insecure default configuration. With some simple cracking tools in Kali Linux, I was able to obtain its login name and password in under one minute…

https://www.tp-link.com/us/products/details/cat-5506_TL-WR802N.html

Nevertheless, Open-WRT and DD-WRT can be installed on it to provide a more secure system.

https://openwrt.org/toh/tp-link/tl-wr802n

https://wr802n.blogspot.com/2018/04/dd-wrt-install-on-tp-link-tl-wr802n.html

Secure Your Router’s Access (OpenWRT)

How to Make an ISO Copy of Your Hard Drive on Ubuntu

Portable Apps

General Links

Lock Down Wi-Fi with Wireless Isolation

Wi-Fi Security – WEP, WPA, and WPA2 (hakin9_wifi_EN.pdf)

CVE Details – The Ultimate Security Vulnerability Database

https://tools.tracemyip.org

Wireshark Display Filters

Posted on November 14, 2018February 22, 2019 by admin

Here is a PDF version:

Wireshark_Display_Filters

Penetration Testing Hardware

Posted on November 13, 2018November 13, 2018 by admin

The links below are to hardware devices that can be useful for penetration testing:

https://shop.hak5.org/

Professer Messer Security+ Videos

Posted on October 12, 2018February 22, 2019 by admin

A good video supplement to Mike Meyer’s Videos for Security + is the Professor Messer set of videos:

Professor Messer Security+ Videos and Notes

These videos are 100% free. And they are transcribed for those who prefer audio or visual learning. Professor Messer also has detailed notes for a reasonable fee.

US DoD Major Defense Acquisition Programs

Posted on October 8, 2018October 8, 2018 by admin

Here is a list of the US DoD’s major defense acquisition programs (MDAP) and major automated information systems (MAIS) acquisitions that are currently in progress:

US DoD MDAP and MAIS List

PNO = Program Number

Software Development

Information Security

Networking

Other

Tools

TL-WR802N Router

General Links