TILLW

Things I Looked at Last Week: 1/30/2011 – 2/5/2011

by kriggins on February 7, 2011

in TILLW

Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else :)

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

"Any man may be in good spirits and good temper when he's well dressed. There ain't much credit in that."
~Charles Dickens

Infosec Stuffs

This week I am going to point you to a couple of PDFs that were brought to my attention via the Society of Information Risk Analysts. Both were suggested as good reading by Russel Thomas and I concur with his assessment. :)

Risk Visualization

How many of us have projects in flight or would like to get something put together into a dashboard format for our executives that effectively communicates information risk in our organizations?

How many have something, but would like it to be better?

The first paper I'd like to point you to is entitled Envision Risk (PDF). The subtitle is "A Systematic Framework for Risk Visualization in Risk Management and Communication" which pretty much explains what this paper is about, but don't take my word for it.

From the abstract:

Managing and communicating risks have become crucial tasks in today’s economy and society. Visualization – through its numerous cognitive and communicative advantages – can play an important role in comprehending and conveying risks. This report thus examines how graphic representations such as maps, charts, diagrams, and visual metaphors, can be applied to risk management by summarizing the current state-of-the-art in a conceptual framework that is illustrated with application examples.

Key Risk Indicators

The next PDF is about Key Risk Indicators (PDF). From the intro to the chapter:

In this chapter, we will seek to demystify KRIs, understand the basic fundamentals in identifying, specifying, selecting and implementing quality indicators, and consider how to monitor and report on them, in conjunction with other useful operational risk management information, to create powerful management reporting.

I have not had a chance to get into this one very deeply yet, but when Russel and another good friend of mine, Chris Hayes, recommend it, it has to be worth reading. I do find the concept of KRIs intriguing.

Non-Infosec Stuffs

Sorry. No non-infosec stuff this week.

Closing

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

-Kevin


Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else :)

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

"The heights which great men reached and kept, were not attained by sudden flight, they, whilst their companions slept, were toiling upwards in the night."
- Henry Wadsworth Longfellow

Infosec Stuffs

Last week was a massively busy week and, as such, I didn't have much chance to dig very deep into some of the things I came across. Therefore, I am going to cheat a little this week and point you to the interesting bits posts that got generated from my bookmarking activities of the week.

Interesting Information Security Bits for 01/26/2011

Interesting Information Security Bits for 01/28/2011

Non-Infosec Stuffs

As I have mentioned several times, I am an avid Crossfit athlete. This weekend I was catching up on some Crossfit Journal content, an excellent resource by the way, and came across a series of short video snippets from a seminar given by Andrew Bernstein.

Mr. Bernstein is the author of the book The Myth of Stress (Amazon, B&N). While I have not read the book, it is now on my to-be-read list. In his talk, he presented a tool called ActivInsight which is the cornerstone of his process of dealing with stressful situations in our lives. From the website:

Everyone has had an insight at some point in life—after struggling with a challenge for some time, you suddenly have a realization. In that moment of insight, your vision clears, your emotions shift, and the options available to you seem dramatically different. The external world may be the same but, filled with new understanding, you see it from a completely different point of view. ....

The 7 steps of the ActivInsight process are designed to consciously replicate what normally takes place subconsciously during moments of insight.

It is a pretty neat tool and process and you can learn more about it on his website or from the book.

Closing

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

-Kevin


Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else :)

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

Just because it amused me:

Correct me if I'm wrong, but hasn't the fine line between sanity and madness gotten finer?
~George Price

Somehow I got my dates messed up so that they were not referring to a Sunday to Saturday period. That is now corrected. Also, I changed the name of this feature to Things I Looked at Last Week instead of Learned.

Infosec Stuffs

A CISSP Study Plan Memoir

Whether you think the CISSP is of value or not, it is a test that is a challenge if for no other reasons than the breadth of information it covers and the length of the exam. This is a nice memoir of one person's journey towards taking and passing the exam. There are quite a few good references for those who are studying for the CISSP.

A CISSP Study Plan Memoir

Top Ten Web Hacking Techniques of 2010 (Official)

Jeremiah has again compiled the Top 10 Web Hacking Techniques. I attended his presentation at RSA 2010 and it is well worth checking out. Below is the short list from what was a much longer list.

Top Ten Web Hacking Techniques of 2010 (Official)

Risk Requires Opportunity

Eric, a recent entrant into the blogging world, is the CSO of a large health care provider. He makes a very good point about risk that may seem obvious when you read it, but tends to be left out of most assessments.

Risk Requires Opportunity

Threat Modeling and Attack Surface

Gunnar Peterson has put together two posts that we should all study. I have read each once, but will be going over them again. While the specific case he applies his thoughts to is REST, the model can be applied to anything we may be analyzing.

REST Threat Model & Attack Surface
Of Gateways and Hedgehogs

Common Traits of Information Security Leaders

My last pointer is to a post by Lee and Mike. It is about the common traits of information security leaders. They should know.

Common Traits of Information Security Leaders

Non-Infosec Stuffs

If you are interested in product photography or are active on eBay and want to make your selections look a step above the rest, you should check out this post on Strobist.com. It shows how to make a light box for next to nothing that allows you to take shots like these. (yes, this is shameless self-promotion of my Project 365 too :))

http://project365.kevinriggins.com/2011/01/22/22365-the-jar/

http://project365.kevinriggins.com/2011/01/23/23365-the-white-boss-302/

Closing

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

-Kevin


Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else :)

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

Are you uncomfortable?

I am. On purpose.

We just got a new bed. The one we replaced was seriously showing its age. However, as with many new things, the replacement bed is a bit uncomfortable. You have to get used to it.

My body is used to being supported in a particular way at night. Even if it isn't the best for me, it is what I am used to. Moving to a new bed means change and change can be uncomfortable. However, within a few nights, I will be resting easier and waking up feeling like I slept on clouds, not like I endured a 7 hour wrestling match with a grizzly bear :)

Maintaining the status quo is not necessarily bad, but you probably aren't growing much by doing so. Stretch your boundaries a little. It'll be uncomfortable at first, but it'll be better for you in the long run.

Infosec Stuffs

You Say Potato, I say False Positive

Shrdlu put up the blog post below that takes to task the way some penetration and application security test reports end up looking. The comments are also a very good read.

You say potato, I say false positive.

Client-side JavaScript Vulnerabilities

The folks at the IBM Rational Application Security Insider have published a white paper that takes a look at client-side JavaScript vulnerabilities. What they found is not pretty. They tested 675 websites, including all 500 of the Fortune 500 companies' sites. Here are a couple of statistics to whet your appetite:

  • "...about 14 percent (98 sites) of the 675 sites suffer from many severe client-side JavaScript issues..."
  • "...research also showed that 38 percent of the vulnerable sites suffered from these vulnerabilities as a result of using third party JavaScript code..."

The rest of the paper is well worth the time spent reading it.

Close Encounters of the Third Kind

Non-Infosec Stuffs

A Branding MAD Lib

My friend Mike Murray has written a neat post about branding. Not branding as in red hot irons causing permanent disfiguring scars, but branding as in what do you want to be known for? It's an interesting exercise that you should take a shot at.

A Branding MAD Lib

Closing

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

-Kevin


Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else :)

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

This time, like all times, is a very good one if we but know what to do with it.

~ Ralph Waldo Emerson

Infosec Stuffs

To CISSP or not to CISSP

There is a continuing theme that plays out periodically about the value of the CISSP certification. I hold this certification and will continue to do so. The two links below express, better than most, how I also feel about the CISSP and certifications in general.

To CISSP or not to CISSP Part 1

To CISSP or not to CISSP Part 2

Mobile Security

It is becoming more and more of an issue, one which we cannot ignore. Mike has a post up over at Securosis that you should give a gander.

Mobile Data Security - I Can Haz Your Mobile

Remote Shell on an Android Device

Following on the theme of mobile data security is this video of Immunity, Inc. getting a remote shell on an Android based device. Lots of good points in this video independent of the demonstration.

http://partners.immunityinc.com/movies/Lightning_Demo_Android.mov

Panda Labs 2010 Annual Report

The Panda Labs Annual Report for 2010 is available.

Report (pdf)

Non-Infosec Stuffs

I decided to start a new project this year. It is called Project 365 and it means taking a picture every day and posting it online. For those who are interested, you can follow along at http://project365.kevinriggins.com.

As the about page at the site mentioned above says, this project is to help me grow my skills as an amateur photographer. One of the things I really want to learn more about is the use of off-camera light. If you are interested in this too, check out the Strobist website. His Lighting 101 series is a must read if you are starting down this path.

Closing

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

-Kevin


Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else :)

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

"It is not necessary to change. Survival is not mandatory."
- W. Edwards Deming

I'm going to go a step further than Mr. Deming and say that flourishing is not mandatory. The issue at stake is often not one of survival, but one of taking that next step that can lead to new knowledge, new experience, new growth...flourishing.

We've talked about courage and failure already. Both are part and parcel of change. Not every change is going to be successful or even good, but, in many cases, maintaining the status quo results in stagnation or just isn't an option.

Some embrace change. They thrive on it. The allure of the new is irresistible to them.

Some don't.

If you fall into the second category you might get something out of the book Who Moved my Cheese?.

Don't avoid change. It is going to happen whether you want it to or not. Being ready to deal with it and making the best of it will go a long way towards making it a whole lot easier when said change does happen.

Infosec Stuffs

Not a lot caught my eye last week. Probably due to the number of folks that were on vacation or just general year-end slow-downs, like me not paying much attention :) However, I do have a couple things for you.

OWASP Secure Coding Practices Quick Reference Guide

This is a handy 17 page document that boils down the OWASP Secure Coding Practices to the nitty gritty. Definitely a reference to keep close by.

OWASP_SCP_Quick_Reference_Guide (PDF)

PC in a Plug

This is a very, very nifty project, particularly if you happen to be performing a physical penetration test. It doesn't appear that the actual hardware is available yet. When it is, it will be fun to play with.

Covert Penetration

Non-Infosec Stuffs

I don't have much to talk about here this week either. The only thing I want to mention relates to the architecture that I use for the different blogs and websites I manage.

I use a combination of WordPress or Drupal served by a Nginx web server/PHP/PHP-FPM/MySQL stack. Recently, I needed to increase the maximum file size that could be uploaded to one of my sites.

Should have been simple.

Wasn't.

Actually, it was. I was just a bit dense.

Turns out that some of the settings in the php.ini file are updated when you restart Nginx and some require you to restart PHP-FPM. The Nginx restart script doesn't do that bit for you. Oops.

The specific setting I was trying to modify was upload_max_filesize. I finally a) remembered about PHP-FPM and b) restarted it and, after a bunch of silliness, wah-lah, uploads of large files worked. Sheesh.

Moral of the story? If you aren't getting the result you expect when making changes to your web publishing stack, make sure you have restarted the whole mess before looking for other culprits.

Closing

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

-Kevin

Photo Attribution:
KISS: Jegi
Zombie Survival Guide: jronaldlee
http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf


Things I Learned Last Week: 12/19/2010 – 12/26/2010

by kriggins on December 27, 2010

in TILLW

Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else :)

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

"Failure defeats losers, failure inspires winners."
~Robert T. Kiyosaki

Last week we talked about courage. We didn't say that courage meant we were not afraid, we said that courage is doing something in spite of fear.

But what if something bad happens...like failure?

There are two ways to look at failure. The first is to say we can't do it. Admit to ourselves we got beat, tuck our tail between our legs, and slink off, hoping that nobody saw us go down in flames.

In other words, BE A LOSER!

Ouch. That was harsh.

Let's try the second way. Let's look at our failures as inspirations. Let's take our failures, learn from them, and then try again...as often as necessary, until we succeed.

In other words, BE A WINNER!

Infosec Stuffs

Cost of a Security Breach

One of my friends, Javvad, pointed this out last week. It is a very nice infographic on the cost of a security breach. While the data and numbers are UK specific, I think it gives a picture that all of us should be aware of.

Cost of a Security Breach

Sysadmin Mantras

You may be a sysadmin or you may not be. However, anybody involved in security will benefit from giving these a read. They apply as well to any security effort as they do to system administration.

Sysadmin Mantras

Your 2011 Infosec Marketing Plan: FUD?

Dave is speaking a bit tongue in cheek here, but you really do need to sell your efforts to make your organization more secure. 'Just because' is not going to get it done.

Your 2011 Infosec Marketing Plan: FUD?

Tips for Submitting a Security Conference Proposal

Have you decided it's time to start your speaking career? Have you already been submitting, but haven't gotten accepted yet? Either way, you should give Lenny's tips a read.

Tips for Submitting a Security Conference Proposal

Non-Infosec Stuffs

This week for the non-infosec stuff, we have a couple of completely unrelated topics.

Copyediting

First is a site that will help you be a better writer. It's a site called CopyEditing: because language matters. There are a number of resources there for you to use, both paid and free. I particularly like the blog that has free tips. Check it out.

Net Neutrality

The other bit I have for you is a graphical representation of what a non-open internet could mean. For more information on Net Neutrality, see this link. After reading that, check out this graphic for a bit clearer idea of what it could mean :)

http://www.theopeninter.net/

Closing

Last week I received a nice note from a reader who expressed appreciation for the blog. That meant the world to me. One of those every once in a while is plenty of fuel to keep blogging.

I am not bringing this up to ask for more of such from you, although that would be nice :)

I bring it up so that I can urge you to drop one or more of your favorite bloggers a quick note or comment of appreciation. They spend a good bit of time providing us with food for the mind or with things that tickle our fancy. A simple note of thanks really makes a difference.

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

-Kevin


Things I Learned Last Week: 12/12/2010 – 12/18/2010

by kriggins on December 20, 2010

in TILLW

Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else :)

Here are a few links if you'd like to skip to a particular part of the post.

Thoughts
Infosec Stuffs
Non-Infosec Stuffs

Thoughts

"Courage is being scared to death, but saddling up anyway."
~John Wayne

I came across this quote earlier this week and it hit me again as I contemplated last Tuesday's Crossfit workout. Crossfit is an exercise regimen that is based on constantly varied, high intensity efforts across broad time and modal domains.

What in the world does that mean?

It means workouts are always changing and always intense. The changes are in the exercises performed and the time they are performed in.

That being said, there are certain defined workouts that are used to gauge progress. Tuesday's was just such a workout. It is affectionately named the "Filthy Fifty". If you are interested in the details of what that entails, you can check out this post from my gym's blog, but essentially it is 50 repetitions of 10 different exercises done for time.

Yup, that's a total of 500 reps.

It hurts...A LOT.

I knew it was going to hurt when I looked at it that morning.

I. Did. It. Anyway.

When faced with something frightening, hard, outside our comfort zone, or just plain intimidating we can be scared and hide from the challenge or, as Lady Macbeth said

Macbeth:
If we should fail?

Lady Macbeth:
We fail?
But screw your courage to the sticking place,
And we'll not fail.

Macbeth Act 1, scene 7, 59–61

Put your foot in the stirrup, grab a hold of the horn, and get yourself in that saddle. The only way to assure yourself of failure is to not try.

Infosec Stuffs

IPv6

IPv6 is coming whether we want it to or not. Here is a quick cheatsheet for some things IPv6.

Don't write it if you don't want it read

There was quite the brouhaha a week or so ago when it was learned that there had been a massive breach of Gawker's systems. So bad, that the individuals responsible were able to get access to quite a bit of really important information, like source code, internal usernames and passwords, chat logs, etc. This post at Forbes is an excellent synopsis of what happened.

There are a bunch of lessons in this post, but the one that we really need to take away is that putting usernames and passwords into clear text communications like chat and email is really really not a good idea. You never know when that type of stuff will become available to those you don't want to read it.

Open Source Security Testing Methodology Manual (OSSTMM)

Version 3 of the OSSTMM (PDF) has been released. From the introduction:

The Open Source Security Testing Methodology Manual (OSSTMM) provides a methodology for a thorough security test, herein referred to as an OSSTMM audit. An OSSTMM audit is an accurate measurement of security at an operational level that is void of assumptions and anecdotal evidence. As a methodology it is designed to be consistent and repeatable. As an open source project, it allows for any security tester to contribute ideas for performing more accurate, actionable, and efficient security tests. Further it allows for the free dissemination of information and intellectual property.

The OSSTMM has been in development for quite a few years and this is the latest version. I am still reading through it, but you can't go wrong by giving it a read.

Get over it

Rich, over at Securosis, has a post up titled Get Over It. Go read it. I'll wait.

.

.

.

Back? Good.

That post sparked the following thoughts which are only loosely related.

Think about the last time you were meeting with some business people and they just didn't understand how dire the situation was.

Now, stop and think about this.

Was it really dire?

We as professionals in the information security realm tend to go straight to worst possible outcome. I think this is often a function of the mindset that Rich talks about. What happens if somebody keeps hearing about the worst possible outcome over and over, but it never happens? They will likely stop listening to you.

Try to see things from a space outside your own experience and you may find ways to both step back from the worst possible outcomes trap and communicate with your "outsiders" in a manner that breeds collaboration as opposed to ignoration. < Ha! That isn't a word, but it sure should be.

Non-Infosec Stuffs

Not a whole lot on the non-infosec front this week other than to say that I was introduced to an instrument I had never heard of this past weekend, the piccolo trumpet.

My wife and I, along with some friends, went to a chamber music concert where J.S. Bach's Brandenburg Concerto No. 2 was played. The piccolo trumpet used during that concerto is absolutely wonderful to listen to, as are Bach's Brandenburg Concertos.

If you have never heard Bach's Concerto No. 2, you should really give it a listen.

J.S. Bach, Brandenburg Concerto II BWV 1047, Freiburg Baroque Orchestra

I. Allegro

II. Andante

III. Allegro Assai

Closing

That's it for this week. I hope you found something that piqued your interest.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

-Kevin


Last week I made a decision to stop the Interesting Information Security Bits posts. I was both surprised and humbled by the comments, emails and tweets I received that expressed understanding and support for that decision, but also expressed how much the bits posts were appreciated.

That got me to thinking.

Is there a way to provide some pointers to content that supports my desire to refocus my attention without requiring me to wade through so much material?

I think there is and we are going to give it a try. This is the first post in what we will call 'Things I Learned Last Week.'

These posts are basically going to be a journal type thing that I will post every Sunday night/Monday morning. I am just going to start a draft post and plop things in here that I feel taught me something during the week.

Probably won't be restricted to purely Infosec related stuff, but I will try to separate things a bit :)

These posts may be long, they may be short or they may be non-existent.

Things are a little light for this inaugural post. I didn't get started until late last week.

Anyhoo, here we go!

Infosec Stuffs

Droidmap: network scanner in your pocket.

Want to have a handy wireless port scanner with you wherever you go? Check out Droidmap. From the application description:

This is an android application for root users that implements some functions of NMAP in a GUI in android. This program comes with installer scripts for the installation of the required NMAP application that must be run to install the program to your phone. Please note that the installation process requires a Linux environment running the Android developer tools from the SDK (this program requires adb for installation).

So far I have only tested this program on the Motorola Droid A855 so YMMV on other Android devices.

I haven't tested it on my Droid X yet, but it's on the list of things to try. I'll report back after I have given it a go.

Smartphones: Information security risks, opportunities and recommendations for users

The European Network and Information Security Agency (ENISA) has released a new paper on smartphone use. Their work is always worth a gander. From the release notice:

The objective of this report is to allow an informed assessment of the information security and privacy risks of using smartphones. Most importantly, we make practical recommendations on how to address these risks. We assess and rank the most important information security risks and opportunities for smartphone users and give prioritised recommendations on how to address them. The report analyses 10 information security risks for smartphone users and 7 information security opportunities. It makes 20 recommendations to address the risks.

This is a report put out by ENISA that you might find interesting. Not an assessment specifically of their use in corporate environments, but applicable. Reading the executive summary is highly recommended.

You can read the paper here.

Non-Infosec Stuffs

Drupal: Podcasting and content segregation using taxonomy

I have been working on the new website for the Society of Information Risk Analysts and we have a few things we want to support. We want to have three blogs: a general blog for risk stuff, a news/announcement blog, and a podcasting blog. Figuring out how to do that took a good bit of my Saturday and I am not done yet, but I have the bones figured out.

You can use a vocabulary in your site taxonomy and then point menu items/links to the path specific vocabulary terms to build 'blogs.' It's pretty cool. I will provide more detail in next week's TILLW post if anybody is interested.

There is a module called filefield podcaster that helps you build the RSS feed for iTunes and other readers quite easily. Again, I'll post more detail next week if anybody is interested.

Thoughts

Last week seemed like a very busy week. Of course, they all seem that way, particularly at this time of year. Don't let the busyness of the season get in the way of those relationships that are most important to you. Take a few minutes to connect/reconnect with your loved ones.

Until next week, signing off.

As usual, if you have comments or questions, feel free to leave them below or email me at kriggins@infosecramblings.com.

-Kevin
