Business, technology, security, and the world around me

Stupid is as stupid does(n’t)

Today I had a boo boo. My work Macbook Pro died. No warning, just dead. For some time I have been meaning to set up a backup solution for both of my Macbook Pros so that I can have backups and be able to copy files between systems because I am lazy and hate carrying my laptop to and from work.
Originally I started using Dropbox for keeping files in two places but now that my laptop died I had to be smart and add a backup solution and stop screwing around.
I added Jungledisk to my setup tonight on my personal Macbook Pro. Once my work system is back up and running Jungledisk will go on it also. Jungledisk lets me back up my data and it is encrypted in transit and in storage on Amazon’s S3. There is a cost associated with the software and the storage but after losing a week’s worth of code, it is worth it.

Be smart, back up.

Airport Security - Domestic and Abroad

Recently I took a trip to Colombia, South America.  During this trip I observed some interesting things with airport security.

Colombia is only really concerned with drugs. When entering the country I was barely searched by their version of TSA and Customs. The gentleman working the X-ray machine did not even watch it as my bags went through and instead was texting on his BlackBerry. I watched him for about 15 minutes and he never once looked up at the screen.

Leaving the country they searched me and/or my carry-on 4 times, mostly X-ray and human searches. One lady who was supposed to use the wand barely grazed me with it while talking to a coworker and gossiping, but 15 feet later someone thoroughly went through my laptop case looking for drugs. This brings me to my theory that they were more concerned with drugs than anything else.

JFK airport immigration check - herm. That is really my thought on that matter. I found a way to bypass the immigration check when coming in from an overseas flight. There is a design flaw in the building and process which allows this to be possible. I won’t post here what I found, but those that follow me other places know the “secret”.

IPv6 - Tech Roadmap

InformationWeek has published my piece on IPv6. This is a look back at why IPv6 was created, some of the benefits, and the current state of IPv6.

IPv6 Makes Slow Progress - By Adam Ely

A How-To Guide To Cloud Computing

I recently collaborated on a piece for InformationWeek entitled “A How-To Guide To Cloud Computing”. My portion was a tight 700 or so words regarding what security topics to consider when utilizing the cloud for the first time. I would have liked to write a lot more and go in depth, but that was not the purpose of the piece, so my objective was to outline a few key action items people could use to get started.

Delete long Viddler tag

I uploaded a video to Viddler and mistakenly pasted the video URL into the tags field. When I went to delete this tag by clicking the (x) next to the tag, I realized the (x) was not there. Because of the length of the tag, the (x) did not display.

There were two ways I could think of to fix this problem: 1. modify the AJAX in flight and use another tag delete function to delete the tag I wanted to remove (tested, works), or the simple way:

In Firefox open Firebug, inspect the div around the tags (id=smTags), modify the text size from 90% to something smaller, click the (x) next to the tag you want to remove, confirm you want to delete the tag, and finally refresh the page. Simple.

Twitter Marketing FAQ and 101

I have spent a lot of time talking to people and companies about their web 2.0/3.0/Something.0 strategies. Part of these strategies often includes Twitter.

Below are some Twitter tips that you might find useful.

The biggest tips I can share are:

1. Follow more people
2. Post more and tie posts back to your website or content that you want to promote. No less than 25% of your messages should relate to the content, site, company or whatever you are trying to promote
3. Interact with other users more

Twitter Clients:

There are a lot of clients popping up. Pick one that works the best for you and is in your face all the time. Only if the client is right there will you always use it. For instance, I use iGoogle as my homepage, thus I have the BeTwittered iGoogle gadget so I see Twitter every time I load the page. I also use Twibble on my BlackBerry so when I am bored I can check what is going on.

Blackberry

  • Twibble - allows you to send and receive msgs plus follow people, better UI than TwitterBerry

Desktop

  • Digsby - all in one IM client similar to Trillian but with support for Twitter (among other things)

Twitter Lingo:

Once you are in the world of tweets, you must understand the lingo. Here are some common things you must learn:

@user - when replying to a user place @ in front of their name. It lets the user know the message is directed to them. It will also show up in the user’s tweets so they know you are talking to them.

Conversation Tip: When making reference to another Twitter user, e.g. Bernie wants to say something about Jen, rather than use that person’s real name, you should use their Twitter username. For example… “Just saw @jenandcricket’s new blog post on how to compost in your apartment.” or “can’t wait to see @garyvee present at the @idealbite BIG awards, featuring @heatherisabiter and @jenandcricket.” This will help other Twitter users know who you are talking about.

Direct message - private message between users. To send a direct message, the other user must be following you. You send a direct message by starting your tweet with the letter d, space, username. So, if you were to send a direct message to me it would be “d adamely Let’s meet for lunch at centro in south park?”

Who to follow? Who to allow?

This is a tricky one. Some people go out and follow as many people as they can. I disagree with this strategy. It makes your account look suspicious and many people will not follow you. Also, it could get your account suspended by Twitter.

My strategy on “business” accounts is to follow others that are posting like content and follow those who are following those I follow. This tends to allow me to jump into the circle that has formed and see both sides of many conversations while getting super relevant information. Additionally, the more conversations I participate in, the more people see me, and hopefully the more followers I gather.
Don’t follow anyone who looks like they are just spamming. This can be difficult to tell sometimes but if it is bustylady69 and she really wants you to check out her webcam, don’t fall for it.

As for followers, allow anyone to follow you that is interested in reading what you have to say.

How to get followers:

The more people you interact with, send @replies to, and follow, the more users will find and follow you. Also, the more you advertise your tweeting, the more people will know to follow you. If you have a webpage, link to your Twitter account and display your current tweets. Email signature? Link to your Twitter account.

As mentioned before - Find people to follow. Friends of friends, people tweeting similar content as you, or just people that seem to be interesting. Many people will follow you if you follow them.
The more you tweet, the more people will get to know you and interact with your posts.

Start conversations. Don’t just post. Reply to people, start conversations. Pick something random and respond and ask a question. Remember that when someone replies to you with @yourname, everyone following that person sees it. Thus if curious (aren’t we all?) they will check out your profile and hopefully follow you.

Twitter Bio:
The bio and user name fields are searchable. TAKE ADVANTAGE OF THIS!!! Put anything you want to be searchable in these fields so it can be found. If you are building a personal brand, be sure to put your full name in there. If building a company brand, ensure the company name and some keywords are in these fields. This is SEO for Twitter.

Tagging = SEO

When you see #something in a message, for instance “going to #idealbite”, the sender is sending a hashtag. Hashtags are like tags on Flickr or categories on a blog. They group tweets so people can search and find them. Follow Twitter user @hashtags and your tweets will be indexed and grouped. So anytime you want to tag the message, throw in a hashtag: “just got back from #idealbite office and now going to watch #TBS because #Seinfeld is funny” — Personal note, I hate the use of # in this case. Hashtags said they borrowed it from IRC. On IRC # is a location, not a tag or thing, thus I dislike the usage here. But eh, what ya gonna do?

Update: According to a few people, including domdingelom, hash tags are dead and “http://search.twitter.com is the new black”.  I would agree with this, as I don’t use hashtags though I still see a good number of people using them.

Follow Loyalty

Want to automatically follow those who follow you, auto-send message to those who follow you, or even schedule tweets to send in the future?

Wonder how Obama follows everyone who follows him so quickly? Here is the secret:

Tweetlater

Tweetlater, and other similar services, allow you to perform these tasks. One common tactic I have noticed is the use of Tweetlater to send out discount codes and special messages to new followers. This can be a great way to get someone from Twitter to your website or business location.

When to tweet:

When it feels comfortable but at least once a day. Let people know what you are up to. Send out links to good content. Plug yourself, content, or business. Like Gary Vaynerchuk says, self promotion is OK.

How to insert a URL:

Twitter can shorten URLs, but sometimes you may post from a client that does not, or want to use a different service that you just like more. Use tools like Snurl or Tinyurl to shorten long URLs, since you only have 140 characters and don’t want to waste them on long URLs.

Want to post a picture to Twitter?
Check out twitpic or the Flickr/Twitter apps like twittergram.

Have a RSS Feed you want on Twitter?

Easy, twitterfeed has you covered. Just point twitterfeed to your website, blog, or other RSS feed and you get all your posts automatically sent to Twitter.

Thanks to everyone who I have talked with, showed me new services, or even added some of the content above.  Special thanks to Scott Boyarsky who put a lot of this together.

Video: Where Information Security Goes Wrong - Rant

Video blog rant on information security programs. This started as me just playing around with the isight camera and evolved into a full on rant.



I learned that I have no future in media.

Time To Send Out For Security Help?

A recent sidebar piece I wrote for InformationWeek has been posted online.

“Security software as a service is increasing in popularity in tandem with the growth in cloud computing, as emerging providers promise to lower costs while increasing security…[Read More]”

links for 2008-08-22

Morphing Web Applications

Over the last week I have been thinking about applications that could morph themselves based on some criteria.  Mostly, I have been thinking about this in respect to web applications which could change their layout automatically based on the user’s interaction with certain parts of the application or lack thereof.

Additionally, this week I have been doing a lot of research on web application security. Tonight the two topics merged.

What if an application could change itself in order to protect itself?  For instance, what if an application which accepts user input, submits the input via GET, and then displays the information could protect itself from being used in XSS phishing attacks even if it is vulnerable to XSS attacks?

Enter dynamic variables.  The code below is a quick POC I put together to decide if this would work. The outcome: Yes, it could work. The code below is vulnerable to XSS attacks, but the attacks would only be valid for 2 seconds because the variable changes and essentially expires.

I fully admit that if someone was going to go through this much trouble, they should just fix the bad code. I wanted to try this just as a POC and for purely research reasons.  There may be some value of implementing a more advanced version of this in a WAF, but again may not be worth it since there are other ways to address it.

Anyway, on to the code:

<?php

// Field name for this page load: the current date/time as one numeric string
// (day, ISO week, year, hour, minute, second).
$var = date('dWYHis');

print "<html><form action=\"test.php\" method=\"GET\"> <input type=\"text\" name=\"$var\"> <input type=\"submit\" value=\"submit\"></form><br></html>";

// Re-read the clock when a submission arrives.
$datechk = date('dWYHis');

// Accept a submitted field only if its name is the current string or at most 2 seconds older.
foreach ($_GET as $key => $value) {
    if ($key <= $datechk AND $key > $datechk - 2) {
        // Deliberately unescaped: this is the XSS-vulnerable output the post discusses.
        echo "$value";
    }
}

?>

The first part reads in the current date and time and sets this string as the name of a field in an HTML form.

Next, once the form is submitted, the current date and time string is read into $datechk. The variables submitted are extracted and the variable names are compared to the current $datechk value to ensure the variable is not more than 2 seconds old. If the variable name is equal to the current datetime string or is no more than 2 seconds old, then the variable is acceptable and the code moves on.

Obviously, the date-time string should not be relied upon alone.  It could be used if it is salted in some manner but the key is to have a repeatable process on both ends to ensure the data variable can be recreated and validated.

Sorry about the code formatting, the blog doesn’t do a great job of formatting code.
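As an added example (not code from the post), here is a Python reimplementation of the same idea that also does what the last paragraph asks for: the rotating field name is derived with an HMAC over a one-second time bucket under a server secret, so both ends can recreate it but nobody without the secret can predict a future name, and a submitted name is honoured for the current bucket plus the two before it (at least 2 seconds, like the PHP). The secret, the bucket sizes and the `test.php` action are constructed assumptions for the demo. The echoed value is HTML-escaped, since the rotating name only shortens the life of a crafted link and does not remove the XSS itself.

```python
import hashlib
import hmac
import html

# Assumption (constructed for this example): a per-deployment secret held only by the server.
SECRET = b"constructed-demo-secret-change-me"
# A derived name is accepted for the current one-second bucket plus GRACE_BUCKETS older ones,
# so it stays valid for at least 2 seconds, mirroring the post's 2-second window.
BUCKET_SECONDS = 1
GRACE_BUCKETS = 2


def name_for_bucket(bucket: int, secret: bytes = SECRET) -> str:
    """Keyed field name for one time bucket. The bare date string in the post is
    guessable by anyone; the HMAC ties the name to a secret only the server holds."""
    tag = hmac.new(secret, str(bucket).encode(), hashlib.sha256).hexdigest()[:16]
    return "f" + tag  # leading letter keeps it a well-formed HTML name attribute


def field_name(now: float, secret: bytes = SECRET) -> str:
    """Name to embed in the form rendered at time `now` (seconds since epoch)."""
    return name_for_bucket(int(now) // BUCKET_SECONDS, secret)


def accepted_names(now: float, secret: bytes = SECRET) -> set:
    """Names the server still honours at time `now`: current bucket and the grace buckets before it."""
    current = int(now) // BUCKET_SECONDS
    return {name_for_bucket(b, secret) for b in range(current - GRACE_BUCKETS, current + 1)}


def render_form(now: float) -> str:
    """First step of the post: the form whose input name changes with the clock."""
    return ('<form action="test.php" method="GET">'
            f'<input type="text" name="{field_name(now)}">'
            '<input type="submit" value="submit"></form>')


def handle_get(params: dict, now: float) -> str:
    """Second step of the post: echo the value only if it arrived under a name that is
    still valid. A link captured earlier stops working once its bucket ages out.
    The value is escaped on output, which is the real fix for the XSS."""
    valid = accepted_names(now)
    for key, value in params.items():
        if key in valid:
            return html.escape(value, quote=True)
    return ""


if __name__ == "__main__":
    t0 = 1000.0  # constructed timestamps so the run is deterministic
    name = field_name(t0)
    print(render_form(t0))
    print(handle_get({name: "<script>alert(1)</script>"}, t0 + 1.5))  # accepted, escaped
    print(repr(handle_get({name: "hello"}, t0 + 5.0)))                 # '' : name has expired
```

Set membership on HMAC-derived names replaces the `<=` / `> $datechk - 2` arithmetic of the PHP, which only works while the date string stays numerically ordered; the bucket range makes the window explicit instead.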