Posted May 3, 2008 at 03:05pm in Computers, Security
It looks like our electronic devices can be searched by customs when entering the US. This somewhat violates the 4th Amendment; however, there is a border exception to the 4th Amendment, and unless I am wrong, you are not officially in the US until you pass customs/border, so the amendment would not apply.
A lot of company policies state that you should not be holding confidential information on laptops in the first place, but email and browser cache can contain that information. To help prevent the information from intranets from being cached, you can install JohnnyCache. JohnnyCache lets you enter a URL pattern and will prevent disk and memory based cache from being accessible when viewing a site matching that pattern. I highly recommend you install this extension regardless of your traveling habits.
I am going to be writing additional posts about handling these searches. These posts are going to be directed at protecting corporate information and personal information.
Posted October 7, 2007 at 09:10pm in Computers, Conferences, Programming, Security
Tomorrow is weeCamp, a beCamp/barCamp style conference covering web application security. I am REALLY excited about this conference. There was a chance I was not going to be able to go, but I will be there. The talk I think I will be most interested in hearing is RoR security. I have been learning RoR a bit the past week, and while there is a learning curve, I am really enjoying it. I have a large project that I am going to be tackling in the Rails framework, and I hope that my needs do not exceed my limited experience with RoR. Worst case, I have to write it in PHP from scratch or use CakePHP.
Very early Friday morning I was updating my BIOS, and it appears that the utility killed off a dependency for my UPS utility, which then made the application think that the connection was lost. This resulted in my UPS rebooting and killing the power to my machine in the middle of the update. I was unable to do a BIOS recovery, so I had to order a new motherboard since MSI does not have advanced replacement. If I RMA that board, it will take 7-10 business days for them to fix it after they receive it. Combine that with shipping and I am looking at probably a month. Considering that is my primary system and migrating everything to another system is just out of the question, I felt the $150 was worth it.
It's been a difficult few days even outside my techie life, so I am really hoping this conference will boost my spirits.
Posted September 15, 2007 at 09:09am in Computers, Security
I received an email a while back about updating information in my affiliate account so that I could receive payment and put it on the todo list for another time. On August 30th I decided to browse the site to see if I could enter the information online, and just as I was about to enter my Tax ID/SSN I noticed it was on an insecure connection. I asked for a fax number and mentioned that they were not forcing SSL on that page. On September 3rd I emailed them again after reading their privacy policy, where I read the following:
Posted August 20, 2007 at 07:08am in Computers, Security
I started the training videos for the Offensive Security 101 course. I am so pleased with the quality of the courseware. The instructor does a great job of presenting information and recommends reading material throughout the videos so that you don’t go into the next course completely blind. I have watched other training on some of these topics and the presentation just didn’t come close to what I am seeing in these sessions.
The training was $400, which includes access to a VPN, a lab environment to test what I am learning, and the certification exam. On September 1st, the prices are going up, so if you are interested you might want to jump on it. If you currently have your CISSP, this course will give you 40 CPE credits.
I will blog about the course more as I work through the exercises and view the remaining videos. By the way, Offensive Security is the training spin-off from remote exploit, which is the company that created BackTrack.
Posted August 15, 2007 at 12:08pm in Computers, Security
Yesterday I made my payment for the Offensive Security 101 training. If I pass the exam, I will be an Offensive Security Certified Professional. This exam has received very good reviews from a lot of experienced security professionals, one major reason being that you have to prove knowledge of the ethical hacker practices. So instead of just memorizing the nmap man page, you have to actually apply the knowledge of fingerprinting, scanning, and other tasks required during a pen test. After I receive this certification, I will study for my CEH (Certified Ethical Hacker) certification and work on picking up some contracts that will let me apply that knowledge. Ultimately I would like to get my CISSP and work as a penetration tester, but I do realize that after taking this training I may not like the whole world of security, so my plans could change.