Since I’m on the job hunt, I’ve got some time between applying for new positions and learning some new languages. Yesterday and today I checked out the ITEC conference and exhibition. I can honestly say that I learned and got to take in some useful information.
The first day of the show I saw a lot of people talking about the newish (January 1, 2008) Oregon Identity Theft Protection Act. Basically, it’s a law that sets the guidelines for what a business can be fined and penalized for after a breach of personal information. This can be credit card numbers, Social Security numbers, or any other personally identifiable information. I’m glad that this is in place. It’s reassuring that at least the government is trying to become “up with the times” and hold businesses accountable for bad security practices. I know I wouldn’t be happy if my credit card number got snatched by a hacker after shopping at some department store which didn’t keep my information secure.
Yesterday I also got a chance to visit speakers talking about Google hacking, botnets, and the weaknesses of FTP. I could go on forever talking about all three, but instead I’ll give my two cents about each:
Google hacking is interesting because it’s not what the average Joe would think it to be. I first thought it was either mail bombing with Gmail accounts, hacking Google itself (good luck!), or a DDoS on Google’s search. To my surprise, the presenter talked about SQL injections, just knowing what keywords to search for personal information, or gaining access to restricted websites that Google has access to.
Botnets are particularly interesting to me because I have firsthand experience with them. I’ll admit it, back in the day I was a script kiddie too. I knew and still know how to take over a lot of PCs (most techies do) but it’s not my thing. I’m more interested in the other side of things such as preventing attacks, resolving a current attack, and preventing bots from being created. I had bots back in my IRC days when we needed bots to host files for us. Our rootkit was simple but worked. All I can say is: make sure your passwords aren’t weak!
My presenter made a ton of great points on why FTP is weak and needs to be seriously looked at if you implement it on your systems. Weak FTP allows packet sniffer programs to retrieve user names and passwords with ease. Also, allowing anonymous access can be OK, but you have to make sure you don’t have sensitive data available. I just take off anonymous access on my FTP servers because you never know what might be accidentally dropped onto it. I’m now using SFTP on all my servers.
Also today I got my fix of technological information in a few well-done presentations such as Mac and Windows Integration (I’m a PC guy), SharePoint, and Improving Productivity with Rich Internet Applications. All the presenters were spot on and really knew their stuff.
SharePoint is where it’s at. I really like the interface, the features, and the scalability of this great system. It allows users to collaborate on all types of information in many different ways, be it online (company website, blogs, wikis), intranet, or extranet. Microsoft seems to have done right and I’m crossing my fingers that I get some time to give her a try. SharePoint WSS 3.0 is free, according to the presenter, so I’m going to download a copy and give it a try. It requires Windows Server 2003, so I’ll have some downloading and installing to do.
Feel free to ask me more about anything. I’m interested in all of it so it’s something that I want to share as well as learn more about.