Windows 10 uses homegroups, but if you have systems that don’t understand homegroups and want to share a Windows 10 printer by UNC (the old school way to share a network printer), it’s not obvious how to go about doing it.
I couldn’t find a way from the GUI, but it’s still possible to share the printer from a command line.
Continue reading Share a Windows 10 printer by UNC
The GCHQ is the British equivalent of the NSA. They recently published a new document containing the GCHQ’s new password advice in light of the things we’ve learned in the last few years. It’s worthwhile reading, whether you’re a sysadmin or a web developer or just an end user who wants to stay secure online.
Some of the advice may be surprising.
Continue reading New password advice from GCHQ
Unlike some security professionals, I still regard antivirus as a necessity. It doesn’t catch advanced threats, and everything it does catch can be caught through other methods, but it is the most cost- and labor-effective way to catch the best-known, least sophisticated attacks. If you put a $100,000 incident responder to work hunting ordinary viruses, you’ll waste a lot of money on salary and quickly lose that incident responder to another company offering more interesting work.
Of course, there’s a great deal of discussion in the mainstream computer magazines about which antivirus is the best. I don’t agree with their methodology though–they might as well be looking for the longest 8-foot 2×4 at the home improvement store. Yes, you can probably find some variance if you get out a micrometer, but what have you accomplished?
SANS has a good real-world test to see how much protection your antivirus software is really giving you.
Continue reading Use this file to find out how much your antivirus is protecting you
So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.
Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.
Continue reading Don’t e-mail yourself a list of all your passwords and bank account numbers to yourself from work
I was talking breaches last week when a very high-up joined the conversation in mid-stream.
“Start over, Dave.”
“OK. I’m talking about breaches.”
“I know what you’re talking about,” he said, knowingly and very clearly interested.
Continue reading You’re telling me someone gave a stranger his password?
I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected.
I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not necessarily helpful.
Continue reading Why every breach is different
I don’t buy a lot of hardware anymore, but we purchased a Fujitsu Scansnap ix500 document scanner this month. It has a fantastic reputation, and it only took an hour to live up to it for me.
Continue reading The Fujitsu Scansnap iX500 deserves its reputation
I read on Linkedin this week that up to one-third of former employees are still accessing company data–after their last day.
I wish I could say I was surprised. But I remember on my last day at one former employer, I turned in my badge, mentioned that I still had some paperwork to fill out and asked if I could have a couple of hours before my accounts would be de-activated. The guy laughed, and I won’t say how long he estimated my accounts would still be good. It was too long. Continue reading How to stop the 30% of ex-employees who want to access company data
With the end-of-life of Office 2003 rapidly approaching, I’m having to look at alternatives. Even after five years, I find the Office ribbon demeaning and productivity-killing, so Microsoft’s newer products are out. With Libre Office, the price is right ($0), so I’m giving it a long look.
Continue reading Giving Libre Office another look
As you probably know, last year some still-unknown criminals stole a whole bunch of credit and debit card data from Target. And the story keeps changing. First there weren’t any PINs. Then they got the PINs, but no personally identifiable data. Well, the latest news indicates they got credit card numbers, names, addresses, phone numbers, e-mail addresses, and for a whole lot more people, and probably from a longer length of time than just late November to mid-December.
There are a few things you ought to do if you shop at Target, which many people do. Continue reading Why the Target data breach news keeps getting worse, and what you need to do