JJinuxLand

Introduction Let’s talk about certifications, standards, controls, control frameworks, etc. Let’s start with standards. SOX Per Wikipedia : The Sarbanes–Oxley Act of 2002...more commonly called Sarbanes–Oxley or SOX, is a United States federal law that set new or expanded requirements for all U.S. public company boards, management and public accounting firms. A number of provisions of the Act also apply to privately held companies, such as the willful destruction of evidence to impede a federal investigation. The bill...was enacted as a reaction to a number of major corporate and accounting scandals, including Enron and WorldCom. The sections of the bill cover responsibilities of a public corporation's board of directors, add criminal penalties for certain misconduct, and require the Securities and Exchange Commission to create regulations to define how public corporations are to comply with the law. In a nutshell (and bearing in mind that I am not an expert), SO

This is a continuation of Creating Windows 10 Boot Media for a Lenovo Thinkpad T410 Using Only a Mac and a Linux Machine . I figured out that Windows 10 isn't supported on the Lenovo Thinkpad T410, so I decided to focus on getting Windows 7 running on it, which is what it came with. I know it's a security risk, but I figured it'd be okay if I locked down the firewall, installed a virus scanner, and limited the apps installed on the machine. There's nothing on this laptop that we can't afford to lose. Remember, one of my challenges was that the laptop doesn't have a CDROM drive, and I didn't have any installation media at all. I just had a Mac to work with. Attempt 24: I bought a license key from g2a.com . I was hoping to download an ISO either from them or from Microsoft . It turns out Microsoft wouldn't let me download the ISO since it was an OEM license. I also bought a copy of McAfee AntiVirus Plus at the same time. I never

I'm having a lot of fun with VMware on this 64 GB Mac: My main OS, obviously, is macOS running work-related stuff. Then, I have Ubuntu Linux for development. I have Kali Linux for doing security work. I have Windows 10 for practicing exploit development. And, finally, I have macOS running in a VM for my personal stuff. I could probably get Android and iOS running for completeness sake (using different emulators), but I don't actually need those right now ;) I've been running multiple VMs for a month or two. Things are working in general, and I'm happy with this setup. My only complaints are: It took a while to set everything up. My battery life sucks :-P The macOS VM lacks GPU acceleration; hence I had to disable GPU acceleration in Chrome. Similarly, for personal use, I'd prefer to use Netflix, YouTube, and Zoom in my personal macOS VM. However, the video is too laggy. Hence, I have to do those things on the main OS, using a

In this blog post, I’m going to be talking about hashing, encryption, encoding, compression, etc. All of these things are related, but they serve different purposes. Sometimes, developers confuse these things which can lead to tragic results. My goal is to provide a high-level overview without getting into the weeds. If you’re interested in the details, Wikipedia is a great place to start. In fact, any part of this blog post that sounds even remotely intelligent was probably taken straight from Wikipedia. Encoding Let’s start with code : In communications and information processing, code is a system of rules to convert information—such as a letter, word, sound, image, or gesture—into another form, sometimes shortened or secret, for communication through a communication channel or storage in a storage medium. An early example is the invention of language, which enabled a person, through speech, to communicate what they saw, heard, thought, or felt to others. But speech li

I decided to give Ubuntu 20.04 a try on my 2015 15" MacBook Pro. I didn't actually install it; I just live booted from a USB thumb drive which was enough to try out everything I wanted. In summary, it's not perfect, and issues with my camera would prevent me from switching, but given the right hardware, I think it's a really viable option. The first thing I wanted to try was what would happen if I plugged in a non-HiDPI screen given that my laptop has a HiDPI screen. Without sub-pixel scaling, whatever scale rate I picked for one screen would apply to the other. However, once I turned on sub-pixel scaling, I was able to pick different scale rates for the internal and external displays. That looked ok. I tried plugging in and unplugging multiple times, and it didn't crash. I doubt it'd work with my Thunderbolt display at work, but it worked fine for my HDMI displays at home. I even plugged it into my TV, and it stuck to the 100% scaling I picked for the othe

TL;DR: Giovanni and I struggled trying to get Windows 10 installed on the Lenovo Thinkpad T410. We struggled a lot trying to create the installation media because we only had a Mac and a Linux machine to work with. Everytime we tried to boot the USB thumb drive, it just showed us a blinking cursor. At the end, we finally realized that Windows 10 wasn't supported on this laptop :-/ I've heard that it took Thomas Edison 100 tries to figure out the right material to use as a lightbulb filament. Well, I'm no Thomas Edison, but I thought it might be noteworthy to document our attempts at getting it to boot off a USB thumb drive: Download the ISO. Attempt 1: Use Etcher. Etcher says it doesn't work for Windows. Attempt 2: Use Boot Camp Assistant. It doesn't have that feature anymore. Attempt 3: Use Disk Utility on a Mac. Erase a USB thumb drive: Format: ExFAT Scheme: GUID Partition Map Mount the ISO. Copy everything from

I went to BSidesSF (@BSidesSF), which is a friendly security conference organized by volunteers. These are my notes. BTW, shout out to my buddy, Josh Bonnett, for introducing me to the conference. Here's the schedule . Here's a link to their Capture the Flag . This was their 10th anniversary. "There are no attendees. Everyone is a participant." They said, "If you're going to take a picture, make sure you have the permission of everyone in the shot. Crowd shots (those facing the crowd) are strongly discouraged." They donate to "The Sisters of Perpetual Indulgence". [Keynote] Give Away Security's Legos: Dumping Traditional Security Teams The keynote was given by Fredrick "Flee" Lee (@fredrickl), the CSO at Gusto. Legos are very accessible, and you can build amazing things. Lego is the world's most recognized brand. Lego's motto is "the best is not too good." It's bad that most companies treat thei