IRS Phone Scams

I received the following voicemail on my home number today. “The reason of this call is to inform you that the IRS is filing lawsuit against you to get more information about this case file. Please call immediately on our department number 347-637-6615. I repeat 347-637-6615. Thank you.” While tax season is the high season …

Continue reading ‘IRS Phone Scams’ »

Vulnerability Scanners and HTTP Headers

This week Tenable released a new “plugin” (what they call a vulnerability detection) named “Web Server HTTP Header Information Disclosure”, plugin id 88099. In spite of even the title saying it only an information disclosure vulnerability, they rate this a medium.  In my environment that means we need to address it.  I think its a …

Continue reading ‘Vulnerability Scanners and HTTP Headers’ »

Bitlocker encryption bypass

Management types are always trying to push BitLocker rather than third party encryption because its free.   “Free” as in, “included in Windows Professional/Enterprise”.   They never consider the less obvious costs in usability and to the helpdesk.  The Windows guys would even team up with the management types complaining that non-Microsoft full disk encryption …

Continue reading ‘Bitlocker encryption bypass’ »

LogMeIn Buys LastPass

I was just recommending LastPass on a corporate Chatter.  Then I read that LogMeIn has bought LastPass. LogMeIn isn’t one of my favorite companies IIRC it is quite impossible to block LogMeIn’s enterprise security circumventing product without blocking remote support sessions also.  This is becuase they use the same servers for each.  GoToMyPC on the other …

Continue reading ‘LogMeIn Buys LastPass’ »