NSA Archives

Home » NSA

What to do about Petya ransomware if you already deployed MS17-010

Dave Farquhar Uncategorized June 27, 2017Bo Jackson, breach, NSA, Office Space

Got MS17-010 deployed? Good, that means you’re immune to the Petya ransomware. I still want you to do something.

David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.

dfarq.homeip.net

Best wireless security mode

Dave Farquhar security January 3, 2017February 9, 2018AES, decent password, NSA, passwords, WEP

What is the best wireless security mode? There are only four choices, and only one worth using, WPA2. But there are some other settings you have to use in order to make WPA2 secure.

Dave Farquhar

dfarq.homeip.net

How a dictionary attack works

Dave Farquhar security September 19, 2016July 15, 2018cissp, cissp exam, NSA, passwords

A dictionary attack is a common way to steal a password. Here’s how a dictionary attack works, in layperson’s terms. More importantly, here’s how to beat the attack.

A dictionary attack is a much more efficient alternative to brute force hacking, but it requires a local copy of the user database to work. That usually means stealing the database first, if a bad guy is doing it. But nothing stops a company from doing a dictionary attack on its own user accounts to make sure people aren’t using insecure passwords. It’s unusual, but not unheard of.

Dave Farquhar

dfarq.homeip.net

High side vs low side

Dave Farquhar security January 14, 2016September 13, 2023leaks, malware, NSA, podcast, Top Secret

The other day I heard a reference to the “high side vs low side” of a computer system in a podcast, and the speaker didn’t stop to clarify. Worse yet is when you hear “on the low side” or “on the high side.” I came from the private sector into government contracting myself. I wasn’t born knowing this jargon either, so I’ll explain it.

Dave Farquhar

dfarq.homeip.net

What the NSA can crack, and how to protect against it

Dave Farquhar security October 20, 2015November 27, 2018AES, leaks, NSA, SSL, TLS

Ever since the Snowden leaks, there’s been considerable speculation about what cryptography the NSA could break, and why. Finally, there’s a study that goes into deep detail about what it is the NSA probably can break, and why, plus how to protect against it.

Dave Farquhar

dfarq.homeip.net

New password advice from GCHQ

Dave Farquhar security September 17, 2015April 24, 2017breach, NSA, password database, passwords

The GCHQ is the British equivalent of the NSA. They recently published a new document containing the GCHQ’s new password advice in light of the things we’ve learned in the last few years. It’s worthwhile reading, whether you’re a sysadmin or a web developer or just an end user who wants to stay secure online.

Some of the advice may be surprising.

Dave Farquhar

dfarq.homeip.net

The workstation events you want to be logging in Splunk

Dave Farquhar security September 15, 2015September 15, 2016breach, chrome, excel, firefox, NSA, splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SEIM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.

Dave Farquhar

dfarq.homeip.net

Application whitelisting on Windows, even home editions

Dave Farquhar security August 5, 2015November 29, 2015antivirus, Australia, malware, Microsoft Office, NSA, spyware, Whitelist

One of the very best things security measures you can take is application whitelisting–limiting the apps that are allowed to run on your computer.

The Australian Signals Directorate–the Australian counterpart to the NSA–says doing four things cuts security incidents by a whopping 85 percent. You probably do three of the things. The fourth is application whitelisting.

use application whitelisting to help prevent malicious software and unapproved programs from running
patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
patch operating system vulnerabilities
restrict administrative privileges to operating systems and applications based on user duties.

Dave Farquhar

dfarq.homeip.net

SSDs, factory resets, and why you probably need encryption

Dave Farquhar Hardware, security May 25, 2015May 24, 2015AES, NSA

After the story came out about factory resets not adequately clearing flash memory in phones and tablets, one of my college buddies asked me if a similar problem exists in SSDs.

Depending on the SSD, it definitely can.

Dave Farquhar

dfarq.homeip.net

Don’t e-mail yourself a list of all your passwords and bank account numbers to yourself from work

Dave Farquhar security, War Stories March 13, 2015April 16, 2017car payment, excel, information security, mortgage, NSA, Password Safe, passwords, yahoo

So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.

Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.

Dave Farquhar

dfarq.homeip.net

← Previous