LastPass Enterprise Updates

A couple of good updates if you’re a LastPass Enterprise customer. The LDAP sync utility version has been updated and will now run as a service.   Before it ran as an application, and that didn’t work well for me.   The LDAP sync talks to your directory and updates new users and disabled/deleted users according to …

Continue reading ‘LastPass Enterprise Updates’ »

Self Encrypting Drives

For protecting data at rest on hard drives, hardware encryption has long been forecast to surpass software based encryption.  At first the problem was having enterprise manageability and single sign on with a Windows account.   There are now several different management platforms for self-encrypting drives (SED).   Then the issue was compatibility.   The Opal standard should rectify …

Continue reading ‘Self Encrypting Drives’ »

Java 7 update 11 released

Java 7 update has been released patching the latest zero day. Since Friday, its been hard to turn on the news without hearing about this Java vulnerability and Homeland Security’s advice to disable or remove Java.  Now you don’t have to potentially denial of service yourself to be protected from this attack. Disabling the browser …

Continue reading ‘Java 7 update 11 released’ »

No glitch, just poor key management

Imagine my surprise when I opened today’s Washington Times and saw an above the fold article titled “Glitch Imperils Swath of Encrypted Records.”  It’s already getting pretty deep. “In the worst-case scenario, most of the data on the servers of every company in  the developed world gets wiped out,” Tatu Ylonen, chief executive officer of SSH  …

Continue reading ‘No glitch, just poor key management’ »

Preventing Phishing the Company From Your Domain

If a phish or spam comes into your company with a From address of your company’s domain, recipients may be more likely to take action.   That quick decision can lead to compromised computers.  Coca-Cola found itself the victim of a hack when an email masqueraded as Coca-Cola’s chief executive, sending an email to Paul Etchells, Coca-Cola’s deputy president …

Continue reading ‘Preventing Phishing the Company From Your Domain’ »

You only have to scan the ones you want to keep

Growing up, my dentist had a sign “You don’t have to brush all your teeth, just the ones you plan to keep.”  I thought of that when talking to Qualys recently. As we look ahead to IPv6, vulnerability scanning needs to be addressed.   Old methods like scanning IP ranges don’t work when scanning IPv6.   Qualys’ …

Continue reading ‘You only have to scan the ones you want to keep’ »