I met with a client earlier this week who asked me to go over their vulnerability scans for a bit of a sanity check. He asked some important questions, but one in particular seems worth sharing. What can we do with Java? Can we solve the Java problem?
I had a Java app pointing at a Forcepoint (formerly known as Websense) proxy server. The proxy server wasn’t working, and the app was giving me a 407 error.
We had Websense set to require NTLM authorization, but it turns out Java won’t do NTLM, so the Java traffic wasn’t even showing up in the monitor.
My workaround was to have users open a browser, then go to any web page immediately before opening the app. By letting the browser authenticate for it, the Java app worked thanks to Websense having the credentials cached.
If you want, you can launch the applet with a batch file that uses IECapt to hit any web page first, then starts the applet.
From time to time I hear the question of what the advantages and disadvantages of Windows 3.0 were. Windows 3.0, released in May 1990, is generally considered the first usable version of Windows. The oft-repeated advice to always wait for Microsoft’s version 3 is a direct reference to Windows 3.0, and it still gets repeated today.
Although Windows 3.0 is clumsy by today’s standards, in 1990 it had the right combination of everything to take the world by storm.
Application whitelisting is the holy grail of security, but it’s always at the top of the list of things people should do but haven’t yet. The reason is that it breaks stuff, and it’s almost as impossible to anticipate ahead of time what it’s going to break as it is to fix whatever breaks.
I know. I wanted to do application whitelisting way back in 1997 and failed miserably.
I found a good-enough approach recently, though.
Last week Adobe issued an out-of-band Flash patch, and once again Brian Krebs urged people to ditch Flash, noting that he’s done so and hasn’t missed it.
We decided to try ditching Flash at work a few months ago, but it didn’t go quite so smoothly for us. I thought I’d share my experience.
I wanted to be able to stream from Windows Media Player to Android. I have lots of media stored on my Windows computers, but what if I’m in a room that doesn’t have a computer, or outside?
Good GenXer that I am, I spent decades collecting CDs. Some of my stuff is as common and ordinary as it gets. But some of it isn’t on any of the streaming services and probably never will be because there were exactly two other people alive who liked it.
I ripped most of them with Windows Media Player and stored them on my PC with the biggest drive. But that’s not necessarily where I want to listen to music from. Media Player can stream between multiple PCs, but it can also stream to an Android phone or tablet, which, in many cases, is even more convenient.
Now that Windows 10 is out, the questions I see most frequently are why someone should upgrade, what benefits they get if they upgrade, or whether there really are any advantages to Windows 10 at all.
While I understand the skepticism, and I think most people probably should wait a few months before upgrading a Windows 7 machine that’s working well, there are a number of compelling things Windows 10 has to offer.
In case you haven’t heard, it’s possible to hack into about a billion Android phones by sending them a text message with a specially crafted picture or video attached.
Google has a fix. The carriers and phone makers are taking their sweet time pushing it out. They may never do it. Here’s how to protect yourself.
IT jobs aren’t as easy to come by as they were 20 years ago, but web app pentesting is one subset of the field that I don’t see slowing down any time soon. Unfortunately it’s a poorly understood one.
But if you spent any significant time in the 1980s or early 1990s abusing commercial software, especially Commodore and Apple and Atari and Radio Shack software, I’m looking at you. Even if you don’t know it, you’re uniquely qualified to be a web app pentester.
The Commodore brand is back again, this time on an Android smartphone. For a premium price, you get an Android 5.0 phone with the Commodore logo on it, preloaded with VICE and an Amiga emulator, which, between the two of them, emulate just about everything Commodore ever made, except, perhaps, the products that can be emulated with the Android calculator app.
But I don’t expect this attempt to be any more successful than earlier efforts to resurrect the brand.