I read Microsoft’s site to a “Microsoft” scammer

“Daniel” from “Microsoft” called me the other day. The number looked halfway legit so I picked up. He out and out claimed to be from Microsoft and said he was getting alerts from my computer. His voice sounded familiar–I think I’d talked to him before.

“Which computer?” I asked.

“Your Microsoft computer,” he said.

Read more

The workstation events you want to be logging in Splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SEIM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.

Read more

The new firewall

Monthly patches and upgrades don’t always go well, but getting them down is increasingly critical, especially for applications like Flash, Reader, and the major web browsers. This week I called it “the new firewall.”

Twenty years ago, home users almost never bothered with firewalls. My first employer didn’t bother with them either. That changed in the late 1990s, when worms exploiting weaknesses in Microsoft software devastated the nascent Internet. Firewalls soon became commonplace, along with some unfortunate hyperbole that led some people to believe firewalls make you invisible and invincible, a myth that persists in some circles even today.

For this reason I’m a bit hesitant to declare anything a new firewall, but firewalls are necessary. So is protecting key software.
Read more

You’re telling me someone gave a stranger his password?

I was talking breaches last week when a very high-up joined the conversation in mid-stream.

“Start over, Dave.”

“OK. I’m talking about breaches.”

“I know what you’re talking about,” he said, knowingly and very clearly interested.

Read more

Why every breach is different

I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected.

I appreciate the┬ádesire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not necessarily helpful.

Read more

How to make an LG LD301EL dehumidifier drain the water out of a hose instead of the bucket

I recently came into possession of an LG LD301EL dehumidifier. It was supposed to be draining out of the hose, but it wasn’t. I figured out why.

If you have one of these or a similar dehumidifier, chances are you have the same problem. The instructions on the back of the dehumidifier aren’t as clear as they could be and the diagrams are tiny. The manual doesn’t quite seem to explain it either. If you don’t have the manual and don’t want to download one from a dodgy web site–and as a computer security professional I recommend that you don’t (more on that at the end)–here’s how to get it done.

Read more

EMET protects against what your antivirus cannot–and it’s free

A few years ago, Microsoft quietly released a security tool called EMET–the Enhanced Mitigation Experience Toolkit. EMET is now in version 4.0, and it’s probably the best security tool you’ve never heard of. And that’s a real shame.

Modern versions of Windows and modern CPUs include several security-enhancing technologies that aren’t necessarily switched on by default. EMET is a wrapper that forces software to use these technologies, even if they weren’t designed from the get-go to use them. The idea, then, is that if a badly behaving data file tries to exploit a traditional vulnerability in one of these programs, EMET steps in and shuts it down. A real-world example would be if you visit a web page that’s playing a malicious Flash video, or that contains a malicious Acrobat PDF. The malicious data loads, starts to execute, and the minute it misbehaves, EMET slams the browser tab shut. You won’t know right away what happened, but your computer didn’t get infected, either. Read more

And the most security-riddled program of 2012 was….

Secunia released its annual vulnerability review, a study of the 50 most vulnerable pieces of software in 2012. It was a fairly tight-three way race at the top, and the distance between #3 and #4 was huge.

I was actually surprised at who the top three were. They weren’t the three usual suspects. But in the case of the top two, they did, to their credit, roll out fixes within 30 days of disclosure.

So now that I’m killing you with suspense….
Read more

Firefox 19 is a big security improvement

Mozilla quietly released Firefox 19 this week. Its biggest selling point is a built-in PDF viewer (like Google Chrome does), which makes me more comfortable than having Acrobat Reader installed–Mozilla is generally faster at fixing security holes than Adobe. Besides that, the built-in reader is fast. No waiting for Acrobat to launch. Short documents like IRS form 1040 display very quickly, though it wasn’t so crazy about me throwing the 237-page NIST 800-53 (if you’d like some light reading) at it. I closed the tab and revisited it, and it loaded the second time.

So this is an update you want. You may be wise to wait a day or two for it to stabilize (Firefox 18 was rapidly updated to 18.0.1 and 18.0.2 after its release), but being able to ditch Acrobat Reader (or leave it installed but only use it when absolutely necessary) definitely is appealing. Update it this weekend, maybe.

Read more