God is faithful:)
Lately I hear from all sides that I'm very wise. Today it was said twice, and yesterday a couple of times as well. Over the past two weeks I have heard it too often. And it dawned on me: back in 2001-2002, while reading the proverbs of Solomon, I began to pray that God would give me wisdom. Not such as Solomon had, but at least some ...
I realized this and am wondering ... God answers prayers:)
Monday, May 30, 2011
Sunday, May 29, 2011
Project Contact in Saint Petersburg
On Saturday I traveled to St. Petersburg and gave two lectures at ITMO University. Quite a few students gathered, which could not but please me. True, after talking to them I unfortunately got yet more evidence that they are simply not given the knowledge of core subjects that they need to work in a real business. I hope that my advice will be useful and will help them become experts in the profession they have chosen.

The first lecture was "What a future information security specialist needs to know" (by the way, while updating the presentation for this trip I found that the cloudshare.com service, which I mention in it, is unfortunately no longer free :( ).
The second lecture was on personal data in general and threat modeling (risk assessment) in particular. I have published the presentation, but it contains only the key points; the main material was delivered verbally.
View more presentations from abondarenko .
It was certainly evident that the students' memory buffers overflowed from the large amount of information (none of them knew the subject of personal data!). I hope this did not scare any of them away from studying the question:)
After the lectures I walked a little along Nevsky Prospect. The weather that day was good and the streets were full of city dwellers and tourists: the city was celebrating 308 years since its founding.

Closer to 8 pm I left St. Petersburg and went home on the Sapsan train.
Saturday, May 28, 2011
why there are people who rubbed in confidence and then suddenly get into the soul?
what is it?
is that I learned to appreciate something for what I stand? to make sure that my principles - it is not Khukhra-muhry?
option ...
but then hurt, trees, sticks ...
Wednesday, May 25, 2011
good mood
whatever words describe its condition today?
appeasement? enjoyment of the world? calm? serenity?
yes, there are some difficulties and may even be a problem, but they nervously smoking in the corridor compared to the world that God gives me.
inspires perspective all that is happening:)
not go to any comparison of the opportunity to walk around the city, breathe the aroma of a stormy night with a mixture of acacia, lilac, and herbs.
pleases faithful God and His ability to maintain in all situations. Even when I was an elementary sick, God gives a man who will bring a lemon, and then carefully take an interest my feeling.
here as it does not have a good mood:)
Canoeing trip
Fig.1 Frame folding kayak: 1 - longitudinal beam, 2 - frame number 1, 3 - frame number 2, 4-brace, 5 - a power strip, 6 - frame number 3, 7 - frame number 4, 8 - back of the cockpit, 9 - frame number 5, 10 - trough bulwarks, 11 - bulwark 12 - back, 13 - seat 14 - guard rail, 15 - Stringer, 16 - foot-steering, 17 - keel, 18 - stem.
here ugorazdilo I agree on this campaign ...
I am a long time (Seven years, probably) I was sure that I do not like hiking. sleep in a scarf? No really, thank you. not be able to properly wash? dismiss me again.
but whether my mood was pofigisticheskoe, whether it's time to try something new, but I agreed to this campaign, not even thinking.
thought I was much later - after two and a half months, at the organizational meeting where we were taught to pack things that they are not soaked in a canoe, distributed food, were callboard, planning tools and a lot of each other. at this meeting, I realized that all very seriously, and I put it mildly, got ...
the week after meeting, I struggled with the question in the spirit of the Prince of Denmark - to go or not go ...
desire of adventure prevailed over questionable prudence.
plan was simple; and the route - is plain to ugliness.
on Friday night to arrive by bus to the city sharp Chernihiv region, put up tents on the banks of the gums, to collect kayaks, sleep, and in the morning, though not with the lark, but with Orioles and finches, to go swimming in the direction of the village puff Kiev region.
for me to program at least was one thing - survive.
instant happiness came at once on Friday. one evening I managed to learn how to pitch a tent, cooked porridge on the fire, helped assemble the kayak, to communicate over zhist and a planetarium. Speaking of the planetarium. the main reason why I wanted to hike, had a dream that in total darkness distant from the big city areas I will be able to admire the stars. and see not only the Big Dipper (which to my eye even without the glasses can be seen), but also a lot of everything else ... in general at the stars I've seen enough, too:)
overnight in a tent in a sleeping bag - special pleasure. Fortunately, from the whole body froze in my nose. many more are out of luck my neighbor on the tent. though she was dressed like an onion (the onion has layers! - but there are layers of cake, too! - Yes, but ogres like onions! "Shrek"), she just froze mercilessly ...
morning was good. very pleased to unscrew the canopy ("door") stalls and see the most delicate light green-yellow tint all around - a wonderful light of the rising sun.
marvel at the taste of water from the river, which according to my expectations was to remind the mire, or else What is a swamp, was identically equal to the taste of tap water in Kiev. At this point I think hard, and clean if the water that flows from our tap ...
way on water:) The question on the planning meeting: and where we get water? - From the stream. - From the ... river?? - Yes. - She's dirty! - Boil. - ...
in general, together, we delved in kayaks and rowed meet fate toward puffs:)
by the way, the leader of our group was my grandfather on a kayak with the eloquent title "Susanin":)
man he is amazing. for his seventy years he had visited and continues to happen in all sorts of mountains, in the most incredible hikes sparkles the most incredible knowledge and has sparkling sense of humor (not a drop of sarcasm in my words).
that much more to tell:) row - One of pleasure, plyuhnutsya in cold water after one and a half hours in the heat on a kayak - the second pleasure, there's soup in the rain - the third, to breathe fresh air, hear the chirping of birds, forget about work, meet interesting people, look at the stars (yes, again!), to be alone with God, shut up, think ... stop ...
Monday morning, mom says - oh, the work rest. After a pause, I say - I'd rather be rowed for three more days ...
thanks God for this campaign. and for the fact that I survived:)
to a computer at home I got earlier than expected, so the story will be the evening.
what to write something? about yourself? about their thoughts and feelings?
or just about canoeing expedition?
or for good weather?
or strange dreams?
or the joy of wearing summer clothes?
no time
do not have time to write that either.
to work just a row up and rake up
Tuesday, May 24, 2011
Information Security Incident Feed

Colleagues, 3 months ago I started a group on LinkedIn called "Information Security Incident Feed". The feed (the group) publishes information on information security incidents that occur in the CIS countries. In 3 months, 85 incidents were recorded. This is of course only the tip of the iceberg, because the bulk of incidents are hushed up and we have no legislation on mandatory incident disclosure. But the first step is the hardest. I have also compiled some brief statistics and posted the incident information in open access ( here ).
Those who have a LinkedIn account are welcome here .
Sunday, May 22, 2011
Bookshelf - Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement

Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement - another book devoted to the issues of information security metrics.
The book came out in 2009 and is available for purchase on Amazon . I got access to it through the ISACA library.
Although the book is rated 5 stars on Amazon, after reading it I do not really understand why. The book is too theoretical, with a lot of "water". It touches on a mass of topics related to information security: risk assessment, compliance, information security management. There is a lot of everything, but very little about the metrics themselves. In the end, I am not ready to recommend it.
Thursday, May 19, 2011
And we know that those who love God are called according to His purpose, all work together for good.
It's amazing how God blesses:)
Like It uses for this different people.
in life happens to everyone. Good, bad, and there are always people willing to care, support, help, rejoice have fun.
For the most pleasant thing - they do not care.
This is a great gift from God, when there are people who do not care what happens to you.
Thank you, who care:)
Wednesday, May 18, 2011
Do you know your neighbors on the internet?
The Internet is certainly a "public place", and as the cloud comes into our lives we are beginning to feel this more acutely.

If your web server or any other corporate resource is hosted by a service provider, you cannot exclude the following risks:
- unavailability of the resource because of a DDoS attack; DDoS attacks are constant and make up the bulk of the incidents reported in the Information Security Incident Feed ;
- hacking of the website (corporate web resource);
- confiscation of the service provider's equipment by law enforcement officers in connection with a computer crime investigation.
The most interesting part is that these troubles may well happen to you not because your business has attracted the attention of cyber criminals or because you are in conflict with the law, but because one of your neighbors on the Internet (another resource hosted at the same hosting site) was either mixed up in illegal business, or was attacked by hackers, or belongs to some opposition party (on the eve of elections such sites also become targets in the fight for voters). That is, the attack is aimed at your neighbor, and you are caught in it just for the company. Here, as in life: if your neighbor is a drunk, the risk of a fire or a drunken knife fight in the stairwell increases.
What to do? Well, start by finding out who your neighbors on the hosting site are. There are 2 interesting resources for this:
Find IP Address . The resource provides a variety of tools for obtaining information on public IP addresses, including "Ip Neighbors Lookup - Reverse IP", which returns information about other domains hosted on the specified IP address (or you can simply specify the name of your website). Here's an example that I got for one of the test sites:
A total of 176 neighboring sites. No extremist, sharply political or sexual sites were found among them, so the person for whom I ran this test can sleep peacefully; the neighbors turned out to be normal:). Of course, such a test should be conducted regularly.
And another resource is MyIpNeighbors . The resource is paid, but quite powerful. For one of the test sites it returned as many as 300 adjacent domains. No other service could match that.
Good luck to you, colleagues. I hope that your online neighbors will not cause you any trouble.
Monday, May 16, 2011
For those who do not make backups
Recently Eugene Tsarev tossed out a link on Twitter to an interesting site, backupbackup.ru . The site presents real stories of people who did not make backups and one day ... well, each has its own story:)
Here are just a few examples:
«A friend of mine, an architect, recently had his office robbed and the server stolen, with the work of the last 3 years on it ... there were monitors, one system unit, and whatnot, but that does not matter ... all the ideas and orders of his firm, which were on the server's hard drive, were stolen ... and no backup was made ... Well before I could ... and now the man is going mad ... he has himself to blame ... »
« As many probably already know, not so long ago there was a fire at the hosting.ua datacenter. Some servers burned completely, some only partially. As a result, all those who relied on the hoster and did not make backups were left with nothing; they have to build their sites again. But even those who made backups to a remote server are in a similar situation, since many kept their backup server in the same datacenter. »
Read the rest on the site backupbackup.ru. Incidentally, the author of the site continues to collect stories ...

Safety in the details
I came across an interesting post here on LJ about how New York fought a severe crime situation by curbing petty offenses.

The article is interesting in itself, but it also gives an information security specialist food for thought. In our case, too, a general disregard for established rules (or the lack of them) in small details leads to serious information security incidents. Maybe this is where one should start when building security?
Saturday, May 14, 2011
Blogger site outage
On Thursday and Friday the very popular blogging platform Blogger experienced difficulties. Blogs, posts and comments disappeared, and it was not possible to add new posts.

Here's what happened: during scheduled maintenance work Wednesday night, we experienced some data corruption that impacted Blogger's behavior. Since then, bloggers and readers may have experienced a variety of anomalies including intermittent outages, disappearing posts, and arriving at unintended blogs or error pages. A small subset of Blogger users (we estimate 0.16%) may have encountered additional problems specific to their accounts. Yesterday we returned Blogger to a pre-maintenance state and placed the service in read-only mode while we worked on restoring all content: that’s why you haven’t been able to publish. We rolled back to a version of Blogger as of Wednesday May 11th, so your posts since then were temporarily removed. Those are the posts that we’re in the progress of restoring.
In general, those who keep a blog on blogspot do run into problems for various reasons (as do users of any other service; it suffices to recall the recent DDoS on LJ). Therefore, I highly recommend that everyone back up their blog regularly; there is a very simple and useful utility for this, Blogger Backup.
You can download it here .
The utility lets you back up and, if necessary, restore both the whole blog and individual posts.
Thursday, May 12, 2011
Moscow branch of ISACA in LinkedIn
Colleagues, about 2 months ago there was a meeting of the Moscow chapter of ISACA, and Alex Shindin was elected as the new president. But unfortunately, to my knowledge nothing new has happened in the life of the chapter. The site isaca-russia.ru is still down, and it is unclear whether it will be revived. Perhaps Alex is now busy with organizational issues. Unfortunately I do not know how to get in touch with Alex (if someone knows, send me the contact), so for now I have taken the initiative and organized a group on LinkedIn: ISACA Moscow Chapter.
Join, colleagues!

Wednesday, May 11, 2011
somersault our legislators
Kommersant today published an article titled "Self FSB". The article does not concern information security, but I will give some excerpts here:

"... Mandatory requirements for" counter-terrorism security facilities will be established by the Government presentation and offer relevant ministries, as well as the FSB and the Interior Ministry, "said deputy Rozuvan ...."
"... Who will be the main coordinator of activities or will ensure that all preventive measures if anyone is in that much? "- figured Valeria Lekareva (Fair Russia). In order to avoid" orgy of law, we and determine that the government taking into account proposals of ministries and departments clearly defined set of activities, "said Mr. Rozuvan ...."
".... The concept of the bill, in his opinion, boils down to the fact that "salvation is drowning in Russia, the handiwork of drowning." In his opinion, the bill should be given at least "the criteria of security of buildings." Or, now, each "factory, plant, warehouse should be besieged wondered spravoross, According to which anti-terrorism commission on the ground already send a business structure with a list of prescription-binding anti-terrorism measures ....."
"..." list is hundreds of thousands and sometimes tens of millions of rubles, "- he said. In addition, terrorist attacks in Russia occur in most major cities, in the North Caucasus and in the surrounding regions to it. "But now the prevention of terrorism at his own expense will be required to do even" municipalities Far North, where in the last 2 thousand years has not happened a single attack "...."
"... All this" prevention will result in higher prices, "through which businessmen will be compensated their spending on counter-terrorism security ...."
"... However, the performances spravorossov did not affect the opinion of the Duma majority, which approved bill on first reading ...."
Colleagues, doesn't this remind you of anything? Doesn't any analogy suggest itself?
By the way, where is our Reznik bill ? I remember that at the conferences in February the City Council announced public hearings on a possible update of the bill ... and since then, dead silence ... but the longer it drags on, the greater the risk of hasty and ill-considered decisions. Only 1.5 months remain until July 1. And the newly adopted law on licensing has also somewhat spoiled the mood.
By the way, at the end of the year we have elections to the Duma, so the hope for a normal and productive law melts with each day, as the heads of our councilors will be busy with other problems.
3 years 1 month 10 days
I was the director:)
here just recently thought that I am the Director and that the coming year will prepare me :)
and if wisely assess the current developments, the year prepares a lot of interesting things:)
Tuesday, May 10, 2011
Version 5 of the BackTrack distribution released
BackTrack is a fairly well-known distribution that contains an extensive set of tools for vulnerability analysis and penetration testing.

The distribution is developed by Offensive Security , which also runs online courses on various penetration testing topics, including the OSCP certification.
I first got acquainted with the distribution about 5 years ago, and since then it has not left my personal hit list.
And finally, the new version: BackTrack 5. There is much that is interesting and updated; I recommend getting acquainted with it if you are interested in practical security issues.
You can download BackTrack here .
Monday, May 9, 2011
Careful, metadata leak!
The first half of this year has already seen several fairly large hacks (Night Dragon, the attack on RSA, MySQL, etc). In some cases, for example in the RSA incident, social engineering was used during the attack. And what does it take to carry out a successful social engineering attack? You need as much information as possible about the target. One way to obtain such information (quite simple and virtually invisible) is to analyze the metadata contained in documents published on the Internet (in particular, on the official site).
Metadata is information about the data, such as the author's name, the file size, and the program in which the file was created.
I recently came across an interesting program, FOCA. It analyzes the contents of the selected website using queries to multiple search engines. The search finds files with the extensions doc, pdf, ppt, xls, pps, etc. All the files are then downloaded to the computer and analyzed for metadata. If successful, the metadata may reveal user names, e-mail addresses, folder names, printers, software and operating systems.
For example, here is a brief summary of the results of running this program against the site of one well-known bank (for ethical reasons the name is not given):
More than 600 files were found (doc, pdf, xls).
Analysis of these files yielded about 108 users (who created these documents), 2 internal network printers, 11 e-mail addresses and 45 records of the software used.
Information about which software was used to create the downloaded files can, incidentally, be used to select malicious code that exploits vulnerabilities in those software versions, which somewhat increases a hacker attack's chances of success.
As possible countermeasures, I can suggest first running the same kind of analysis on your own website (you can download the free version of FOCA here ), and using tools to clean the metadata from files before they are published on the Internet.

Metadata is information about data, such as the author's name, the file size, and the program in which the file was created.
So, I recently came across an interesting program: FOCA. It analyzes the content of a selected web site by querying multiple search engines. The search finds files with the extensions doc, pdf, ppt, xls, pps, etc. All the files are then downloaded to the computer and analyzed for the metadata they contain. If successful, the metadata yields user names, e-mail addresses, and the names of folders, printers, software and operating systems.
For example, here is a brief summary of the results of running this program against the site of one well-known bank (for ethical reasons the name is not given):
More than 600 files were found (doc, pdf, xls).

Analysis of these files yielded about 108 users (who created these documents), 2 internal network printers, 11 e-mail addresses and 45 records of software used.

Information about the software used to create the downloaded files, incidentally, can be used to select malicious code that exploits a vulnerability in those software versions, which somewhat increases the chances of a successful hacker attack.

As possible countermeasures, I can suggest first running the same kind of analysis against your own web site (the free version of FOCA can be downloaded here), and using tools to clean the metadata from files before they are published on the Internet.
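One way to apply the last countermeasure, as an added example that is not from FOCA or the original post: a Python script that lists and removes the author and software properties of Office Open XML files (docx/xlsx/pptx) before publication. It assumes the standard `docProps` parts and element prefixes that Office writes; the sample package and the names in it are constructed.

```python
import io
import re
import zipfile

# Property parts of an OOXML package and the elements in them that name people
# or software (assumption: the standard prefixes that Office writes).
PROP_PARTS = ("docProps/core.xml", "docProps/app.xml")
SENSITIVE = ("dc:creator", "cp:lastModifiedBy", "Application", "AppVersion", "Company")

def _element(tag):
    # <tag ...>value</tag>; parts are edited as text so the rest stays untouched.
    return re.compile(r"<%s(?:\s[^>]*)?>(.*?)</%s>" % (tag, tag), re.S)

def read_metadata(package):
    """Return {element: value} for sensitive properties in a docx/xlsx/pptx."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for part in PROP_PARTS:
            if part not in zf.namelist():
                continue
            xml = zf.read(part).decode("utf-8")
            for tag in SENSITIVE:
                match = _element(tag).search(xml)
                if match and match.group(1).strip():
                    found[tag] = match.group(1).strip()
    return found

def scrub(package):
    """Return a copy of the package with the sensitive elements removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in PROP_PARTS:
                xml = data.decode("utf-8")
                for tag in SENSITIVE:
                    xml = _element(tag).sub("", xml)
                data = xml.encode("utf-8")
            dst.writestr(item.filename, data)
    return out.getvalue()

def make_sample():
    """Constructed sample: a minimal package holding only the two property parts."""
    core = ('<cp:coreProperties xmlns:cp="urn:example:cp" xmlns:dc="urn:example:dc">'
            "<dc:title>Tariffs</dc:title><dc:creator>j.smith</dc:creator>"
            "<cp:lastModifiedBy>a.ivanov</cp:lastModifiedBy></cp:coreProperties>")
    app = ("<Properties><Application>Microsoft Office Word</Application>"
           "<AppVersion>12.0000</AppVersion></Properties>")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return out.getvalue()
```

Legacy doc/xls/ppt files and PDFs, which the post also lists, store their properties differently and need a separate tool.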
Friday, May 6, 2011
I am very curious about what I actually want.
What would I work at if I did not have to earn money?
What would I do?
Study? Devote myself fully to junior? Write? Draw? Take photographs?
For what wonderful purpose did God create me? Is it me?
Thursday, May 5, 2011
Right now, for "Feedback", I am gathering information about the Moscow higher-education institutions that teach information security. And on the MESI site I stumbled upon a description of the departments of the Institute of Computer Technology:

original here
The guys have a sense of humor; well, maybe we can learn from them :) It reminded me of my student days, parties in the dorm... oh, that was a great time...
Have a good upcoming weekend and a happy Victory Day, colleagues!
Wednesday, May 4, 2011
PCI DSS 2.0: Lost in Translation
As is well known, the main changes in the latest revision of PCI DSS were clarifications of wording, because certain phrases in the standard allowed too broad an interpretation (eh... if only someone would reconcile our personal data (PDN) protection documents like that... but that is not the point right now).
The current version of the standard, PCI DSS 2.0, was adopted in October 2010, and just recently two Russian translations of the standard came out within a short interval of each other.
One translation was made by Informzaschita and is available at this link.
The second translation was prepared by the PCIDSS.ru community and is available here.
I have read these documents, and here are some things that caught my eye:
1) Requirement 1.1.1 in the original reads:
A formal process for approving and testing all network connections and changes to the firewall and router configurations
Translation from Informzaschita:
A formalized process for approving and testing all network connections, as well as changes to the configuration of firewall and routers.
Everything seems fine here.
Translation from PCIDSS.ru:
A formal process for approving and testing all external connections and changes in the configuration of firewalls and routers.
But here, for some reason, "external" connections have appeared.
2) Requirement 2.2.1 in the original reads:
Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.)
Translation from Informzaschita:
Each server must perform only one main function, to prevent the simultaneous operation of functions that require different levels of security on the same server. (In particular, web servers, database servers and DNS servers must run on different physical servers.)
Here, for some reason, "different physical servers" has appeared, though the original does not contain the word "physical".
Translation from PCIDSS.ru:
Each server should implement one main function, to avoid having functions that require different levels of protection on the same server (e.g., web servers, database servers and DNS servers should be located on different computers).
And here the word "computers" is used, which does not accurately reflect the original requirement.
3) Requirement 3.5.2 in the original reads:
Store cryptographic keys securely in the fewest possible locations and forms.
Translation from Informzaschita:
Keys must be kept in a minimal set of protected storage locations.
Nothing is said about the forms of the keys, unlike the original.
Translation from PCIDSS.ru:
Keys shall be stored only in strictly defined storage locations and in a strictly defined form.
And this speaks of a defined number of storage locations, rather than the minimum possible (as in the original).
4) Requirement 6.1 in the original reads:
Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release.
Translation from Informzaschita:
The latest security updates provided by manufacturers must be installed for all system components and software. Critical security updates must be installed within 1 month from the date of their release.
The term "security updates" is used. What kind of security system? in the original meaning of a
Translation from PCIDSS.ru:
The most recent security updates released by the manufacturer must be installed on all system components and software. Critical security updates must be installed within one month from the date of their release by the manufacturer.
Now that is similar to the original.
5) Requirement 6.4.1 in the original reads:
Separate development / test and production environments
Translation from Informzaschita:
The development and test environments and the production environment should be separated.
Similar to the original.
Translation from PCIDSS.ru:
The development, testing and production environments of the software must be separated from each other.
But this translation can be read as saying that all three environments must be separated from one another, which the original does not imply.
6) Requirement 6.6 in the original reads:
... <text omitted> ... Installing a web-application firewall in front of public-facing web applications
Translation from Informzaschita:
Install a firewall to protect public web applications
One could probably argue about this at length, but a web application firewall and a firewall are still different things, and this interpretation can lead to errors.
Translation from PCIDSS.ru:
Install an application-layer firewall for web-based applications.
Now that is closer to the truth.
7) Requirement 9.4 in the original reads:
Use a visitor log to maintain a physical audit trail of visitor activity. Document the visitor's name, the firm represented, and the onsite personnel authorizing physical access on the log. Retain this log for a minimum of three months, unless otherwise restricted by law.
Translation from Informzaschita:
A visitor log must be kept to keep track of them. It is necessary to record the visitor's name, the name of the company he represents, and the name of the employee authorizing physical access. Surveillance data should be stored for at least 3 months, unless this conflicts with the law.
And what does 'CCTV' have to do with it? Apparently this is just a bad copy and paste.
Translation from PCIDSS.ru:
A visitor log should be kept and used to analyze visits. The log should record the visitor's name, the organization he represents, and the employee of the organization who allowed the visitor access. This log should be kept for at least three months, unless otherwise prescribed by law.
Here it seems fine.
8) Requirement 10.4 in the original reads:
Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time.
Translation from Informzaschita:
The clocks and timers of all critical systems must be synchronized. Make sure that the following measures are in place for the acquisition, distribution and storage of time data.
Translation from PCIDSS.ru:
Time-synchronization technology must be used. All system clocks and system time on mission-critical systems must be synchronized. The requirements for obtaining, distributing and storing time data must be met.
I was amused by the Informzaschita translation's "acquisition" of time data; I did not know that time could be bought :).
This note is certainly not an exhaustive analysis; these are just the first things that caught my eye, and I think the text contains many more like them. To sum up: if you are fluent in English, I strongly advise checking against the original, because there are inaccuracies in the translations, and the devil, as we know, is in the details!
Also, despite my criticism, I believe that Informzaschita and the PCIDSS.ru community have done important work by releasing Russian translations of the standard, for which they certainly deserve thanks!