Remember back when Summer and Christmas break was a high time of concern. The kids were out of college and ready to try out their skills. Christmas was worse because so many people were out of the office, no one would notice. Or if they did the response would be limited. Now that’s what we …
Continue reading ‘Its the most wonderful time of the year – Patching’ »
Everyone and his brother, inside of infosec and outside has been chortling at Kanye’s iPhone password. Its 00000. Not everyone is in on the joke. Some express OUTRAGE. “how dare you share that man’s password” (it was on CNN, its out there now). Some (and these remind me of the 4D Chess MAGA people) theorize …
There are people who enjoy messing with scammers by replying to scam, or implementing the Jolly Roger Telephone company. While its a few years old, I just watched a couple of James Veitch Ted Talks on what happens when you reply to spam email. Its hilarious.
Dreamhost was sending me cryptic emails about my site using too many resources then dieing as a result. Then Jetpack site monitoring was finding the site down, presumably due to running out of resources. And the homepage loaded too slowly. So a technical problem was at hand. There aren’t a lot of resources out there …
Long before WannaCry used a recently patched Microsoft vulnerability to exploit machines, the recommendation was to disable SMBv1. Disabling old protocols isn’t sexy. You’re breaking things, and not introducing new features. You’re fixing theoretical future attacks. Perhaps the willingness to take on this challenge is a good measure of the maturity level of …
One of the better things you can do to protect your money spent on electronics devices is have a good surge protector and battery backup. If you’re like me, you only buy the kind where you can disable the audible alarms. The problem with this is now you might not get any warning if …
FTC Chief Technologist Lorrie Cranor wrote in March it is time to reconsider mandatory password changes. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. (And even if a password has been compromised, changing the password may …
I received the following voicemail on my home number today. “The reason of this call is to inform you that the IRS is filing lawsuit against you to get more information about this case file. Please call immediately on our department number 347-637-6615. I repeat 347-637-6615. Thank you.” While tax season is the high season …
This week Tenable released a new “plugin” (what they call a vulnerability detection) named “Web Server HTTP Header Information Disclosure”, plugin id 88099. In spite of even the title saying it only an information disclosure vulnerability, they rate this a medium. In my environment that means we need to address it. I think its a …
Continue reading ‘Vulnerability Scanners and HTTP Headers’ »