I was making a chart in an Excel spreadsheet the other week and it insisted on adding trailing zeroes in the charts after the decimal point, even though all of my stats were whole numbers. Here’s the solution I finally found to get rid of trailing zeroes in Excel charts.
I hear the question from time to time what the advantages and disadvantages of Windows 3.0 were. Windows 3.0, released in May 1990, is generally considered the first usable version of Windows. The oft-repeated advice to always wait for Microsoft’s version 3 is a direct reference to Windows 3.0 that still gets repeated today, frequently.
Although Windows 3.0 is clumsy by today’s standards, in 1990 it had the right combination of everything to take the world by storm.
I heard an interesting question the other day: What’s the difference between a vulnerability scanner and a SIEM? Qualys and Nessus are examples of vulnerability scanners. Arcsight and Splunk are examples of SIEMs.
To a security practitioner, the tools couldn’t be much more different, but not everyone is a security practitioner.
On a basic, fundamental level, a vulnerability scanner deals in what’s missing in the environment and what could happen as a result of those things that are missing. A SIEM deals in what actually has happened and is happening.
At my current and immediately previous job, we made heavy use of Citrix. Citrix makes remote access and administration really convenient. But you don’t get a dual-monitor display in Citrix by default, and that’s a shame.
And it’s not so nice to be an end user and have two nice monitors but have that remote display confined to just one of them. A lot of work is data-centric these days. Mine sure is. Since so much of my work involves looking at massive Excel spreadsheets and doing something that acts on that data, it’s much easier with two displays. I keep the spreadsheet on one display and another program on the other.
Like all too many things, the solution is simple but non-obvious. I assume assuming you’re connecting to Citrix from a fairly recent version of Windows. Windows 7 is recent enough. Drag your Citrix window to the top of your screen, then slide it over so that it straddles both of your displays. Then release. Your display will then expand to take over both screens. Automatically.
It’s really simple, but I never saw it documented anywhere. So now the secret is out. If you can drag a window, you can get a dual-monitor display in Citrix.
Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SEIM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.
I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.
At work part of my job is reporting security metrics along with my colleague, and sometimes we report things like the number of machines running a specific operating system. The problem we run into is that when it comes to operating system versions, OS X versions 10.1 and 10.10 are really not the same. We run into similar issues with versioning for other operating systems too, such as AIX.
To keep Excel from dropping those significant zeroes on your charts, highlight the column containing your version data and switch it from a numeric format to text format. Then switch to the tab that contains your chart, refresh the data, and your charts will show the zeroes properly.
Google is moving its corporate applications to the Internet. A year ago I would have said that’s the dumbest thing I ever heard. Today I’m not so sure.
Sticking stuff in the cloud is the popular answer to everything these days, and I just see the cloud as the new mainframe. It’s not a solution so much as a different take on the same problem, and while I see a couple of potential disadvantages, believe it or not I see some real advantages to the approach as well.
So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.
Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.
So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.
The field desperately needs more of us, so I’m happy to share with you how to become someone like me. Continue reading How to become an Info Assurance Analyst
So the other day I got blindsided with a question at work: What are we doing about Winshock. Winshock, I asked? I had to go look it up, and I found that’s what they dubbed what I’ve been calling MS14-066, the vulnerability in Schannel, which is Microsoft’s implementation of SSL/TLS for Windows.
Based on that, I’d argue it has more in common with Heartbleed than Shellshock, but I guess “Winshock” is catchier than “Winbleed.”
Then the lead of another team asked me to brief his team on Winshock. I actually managed to anticipate all but three of the questions they asked, too, which was better than I expected. Some of what I shared with them is probably worth sharing further.