Category Archives: Security

Packt celebrating International Day Against DRM


TODAY Packt Publishing is offering all its DRM-free content at $10… All 2000+ eBooks and Videos at

Get an inexpensive and DRM FREE fix for all your tech urges in virtualization, end-user computing, Dig Data, eCommerce, Cloud computing, programming, elearning systems (including Moodle!), automation, operating systems, systems and performance monitoring, game development, Rasberry Pi, networking, advanced security, etc etc. SO MANY!!!

Here’s a short link to share:





Bonus from the Palo Alto Networks PA-500

Every now and then I get the opportunity to use in my home manufacturer gear such as Palo Alto Network’s PA-500, a next-generation firewall. Even without any policy refinement, the PA demonstrated a consistent performance advantage of about 5-6 Mbps over my straight Asus RT-N66U freshly imaged with firmware that I had installed just prior.


Is this surprising? Well, no. Not only does Palo Alto Networks make pretty fantastic systems but this test is like racing a recent BMW Roadster against a new Prius. What’s exciting if I were to have the opportunity to use a PAN firewall is that my speed would be largely deterministic and consistent regardless of what features I turned on. As of this post, I’ve turned on just about every feature such as live Data Filtering, URL Filtering, Spyware and Virus Filtering, and File Blocking.

Much more to come on the blog site so stay tuned.

IPsec has nothing to do with intrusion prevention…

…per se.

The Internet Protocol Security (IPsec) suite secures (the “sec”) Internet Protocol (the “IP”) communications by authenticating and encrypting each IP packet in a session.  Medial capitals do not apply so “sec” is all lowercase. I assume instances where the incorrect spelling of IPSec has been used are due to:

  1. The desire to create a more powerful or imposing word (IPSec being “bigger”).
  2. Confusion as to whether a relation exists between IPsec and IPS (’tis a suite after all).
  3. Human propensity to camel- or Pascal-casing even where acronym confusion can occur.

I admit the third can be the source of great amusement at times but not here.

I hope my tongue-in-cheek summary serves as a meme for any future communications and papers.  So, update your spellcheckers and let the smaller truth live on.


Google Certificate Obtained by Hackers

Trust No One

Ouch.  SSL Forward Proxies are becoming more common place for legitimate reasons. With the use of proper certs from root CAs (or trusted CAs even within your firm’s/institution’s/organization’s systems), many forms of so-called trusted communications are nullified.

Even though the hackers could execute man-in-the-middle attacks against Google/Gmail users without the end-users knowledge causing godknowshowmuchharm, at least… umm, at least it’s only one cert and everyone’s alerted. That’s positive, right? And it’s not like any hacker wouldn’t show his whole hand either! *cough*

So, no wonder why people layer security or go with proprietary methods. I’ve been asked before why Skype’s encryption isn’t standards based. Consider their decision in light of exploits such as Google certificate being hijacked…

Here’s to hope that the known cert is revoked broadly and quickly so that Google/Gmail users can sigh an uncomfortable breath of relaxation… and that people learn to not trust anyone, even themselves when it matters. ;->