LASCON 2021: Writing Policies That Aren’t Miserable for Everyone Involved

Policies. In theory they should be the backbone of any good information security program, but in reality few if any people actually read them and even fewer can understand what they mean. For ages we’ve been trying to solve this problem through education efforts, but maybe it’s time to look at how we construct policies in the first place and take a microservices approach to writing them?

You can download the full slide deck here:

Lead photo thanks to @SecurityBrew on Twitter!

Fixing AMP Ads That Break Your Website Layout

I maintain a couple of blogs, one of which is the whiskey review site Thirty One Whiskey. That blog actually gets a good amount of traffic, and generates enough revenue from Google ads to (partially) fund my whiskey and cigar habits.

One problem that I had been running into was that the default code for Google’s AMP ads was breaking the formatting of my website on mobile devices. When rendered, the ad element was wider than the width of the page on mobile screens, so when you started to scroll, quite often the page would move to the left a bit and the text would start to be cut off.

Adding a Featured Image to All Posts in WordPress in One Easy Click

Featured images are sometimes an afterthought. For older bloggers, featured images weren’t really a critical part of the web layout and often weren’t added to posts. And for newer bloggers, it’s just one more step that doesn’t seem necessary. But then there comes a point where you want a new theme that requires featured images to work, and now you have hundreds of posts without that featured image.

Querying And Displaying WordPress Site Stats Using a PHP Script

I like being able to keep an eye on everything that’s going on with the stuff I run. To that end I run a LibreNMS deployment in my house that monitors all my equipment, and I’ve got a dashboard that gives me the vital statistics for everything I care about in one glance. One thing that has been sorely missing was a widget where I could see the stats for my WordPress sites, and I think I finally figured that out this week.

SpiceWorld Austin 2019: Docker for Dummies

This past week I presented my talk “Docker for Dummies” at the 2019 SpiceWorld Conference in Austin, Texas. If you’re looking for the slides then I’ve got good news! They’re posted right here.

For those looking for the direct GitHub link to the repository I mentioned, with the scripts to set up your own LibreNMS Docker environment, you can find it right here:

https://github.com/foghorn/librenmsdocker

The full video is available on YouTube here:

If you’re interested in having me present this talk to your company, group, or conference feel free to reach out through the contact methods listed at the end of the presentation.

SpiceWorld Austin 2019: Learning from Failure

This past week I presented my talk “Learning from Failure: Tales of Incident Response Gone Wrong” at the 2019 SpiceWorld Conference in Austin, Texas. If you’re looking for the slides then I’ve got good news! They’re posted right here.

The full video of the presentation is also available on YouTube here:

If you’re interested in having me present this talk to your company, group, or conference feel free to reach out through the contact methods listed at the end of the presentation.

Performance: LogMeIn Versus TeamViewer

I use a MiniX Neo headless mini PC as a jumpbox into my home network. For the last couple years I had been running LogMeIn as the remote access client to connect back into the device, but with the recent pricing increase and lack of support for the iPad application I decided it was time to switch to TeamViewer. I knew that having an agent running on the device at all times would cause a performance hit, but I didn’t realize just how bad that hit would be.

D-Link Security Cameras Using mydlink App Leak Passwords

UPDATE: This vulnerability has been assigned the Common Vulnerability and Exposure ID of CVE-2018-7698 by MITRE.

I’ve been testing out a beta version of an IDS (Intrusion Detection Sensor) that we’re planning to release sometime soon specifically for small businesses, tech savvy home users, and others. I currently have it running on my home network and the alerts I’ve been seeing have really made me much more aware of the potential risks we encounter every day. For example, a game my wife plays on her mobile phone has been triggering spyware and malware alerts thanks to the ads that constantly pop up.

Resolving Domains with Private IPs Behind a pfSense Firewall

Having all of your devices on a single subnet is easy and convenient. You can access network resources simply by using their hostname, and everything just works. But that kind of configuration also makes it easy for attackers to break into your systems and steal all of your critical data since there’s very little stopping them from jumping from one system to another.
