This is a response to many analysis' of the Stuxnet virus/worm, especially a YouTube video about it. In a nutshell, the video over played the threat and gave the worries I had 9 months ago.

A relatively new way to process credit card payments, Square-Up is in use now. It was created by one of the pillars in the Web2.0 world (Jack Dorsey who is the "Twitter creator"). However, will it help or hurt the merchant?

Square-up is a device you plug into a mobile device's USB port to make that mobile device a credit card scanner. But this kind of set-up comes with many security problems and it will cause even more problems with PCI-DSS compliance which anybody who takes credit card payments has to now worry about.

What is the difference between Julian Assange and Dan Egerstad? Technically, nothing. Ethically a lot. In this article, I'll go into the details of what happened and how it will affect the Internet.

I've advised people to check suspicious files at virustotal.com, now I'll say be careful. VirusTotal.com is still what it used to be, but there is now a fake out there. Here's a tweet from the project manager at VirusTotal. http://twitter.com/jcanto/status/9685945726

According to a report published in the "Network World", the biggest vectors for web hacking in 2009 were social networks, SQL injection, cross-site-scripting, authentication abuse, and cross-domain-request-forgery.

The concern about social networks is something I've written about before. I use twitter to announce my money making projects, linked-in to outline my professional achievements, and face-book to socialize with others. However; I do not tweet my intimate thoughts, put a detailed resume on linked-in, or reveal anything too personal on my FB wall.

In January there was a big attack against Google that apparently used a flaw in Internet Explorer which got the name "aurora".

Another attack has been proven possible on unbreakable wireless networks. I have heard WEP called "unbreakable" and I have heard the word "unbreakable" used for WPA after WEP was broken. But now both WEP and WPA have been broken. WPA2 seems to be the next best thing. However, the situation is not as dire as some make it sound. There are four items that must be secured to be able to resist the latest wireless exploits. Break these rules and you are you are vulnerable to the attack:

This time the focus is on the Ajax Session module which should be removed from all Drupal installations.

If anybody noticed, I'm not writing regular updates about Drupal security like I did last year. If you keep your installed core, modules, and themes up to date then 90% of my 2008 posts will be redundant. Now I'm just writing about issues that go beyond keeping things up to date. For example; modules that should be avoided. Programming practices that can be dangerous.

Mrs. Palin's recent experience with online privacy has given many a reason to be paranoid. Many of the standard practices on the Internet today only opens us up to security and privacy woes.

Well, SANS did another report on how long an unpatched, Windows system would survive on the Internet without being infected by something.

Then did the same study in 2003 and in 2004 and each time the length is drastically reduced. This points to two things: 1st the necessity for SP2 or SP3 today and the fact that the Internet underground is getting much more sophisticated every day.

2003 = 40 minutes
2004 = 20 minutes
2008 = 4 minutes