Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server. And that led to a question in the comments that sounds like it came from an IT professional: don’t they have their network […]
Although interest in 4K television is understandably lukewarm at best–high definition only arrived about 15 years ago, the standard it replaced lasted half a century, few people are itching to replace the sets they’ve bought in the last decade when they still work, and there’s precious little 4K content–39-inch 4K televisions are proving to be […]
A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that. Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time […]
My logging system died rather abruptly one week. It started with the Active Directory account some of our servers use locking. I got the account unlocked–someone else has those rights–and the system came back to life for a while, but then we had to repeat, and each time we repeated, “a while” grew shorter and […]
After a bad day at work last week, I went home and ordered The Phoenix Project (or here it is on Amazon), started reading it, and felt better. Like Office Space, but there’s more to learn from it. Phoenix is more realistic. Every problem in every shop I’ve ever worked in is in that shop, plus […]
I’ve written before about using the hosts file to block domains that are hosting malware. The idea is pretty simple. There’s a known list of domains that are either hosting or controlling malware, so by blocking your computer from accessing those domains, you make it much harder to get infected in the first place, and […]
I had a search query about getting started in regulatory compliance, which I’ve written about before, but more from an organizational perspective. That won’t help you much from a career perspective. I think most any CISSP will answer that question similarly, so I’ll take a stab at it.
I’m working right now for a Fortune 25 company. This story is going to sound like bragging, so I’ll ask forgiveness in advance. Maybe if I mention I’m a contractor, then it’s not bragging quite so bad.
The first version of Windows NT, version 3.1 (to coincide with the then-current 16-bit version of Windows) was released 20 years ago today. It was an insanely ambitious effort for Microsoft that took a while to pay off, though it eventually did in spades. Windows NT was what killed off Novell and OS/2 and turned […]
Every once in a great while, I have to answer a question like what version of Windows a range of servers is running. If the number of servers is very small, you can just connect to them with a Terminal Services client and note what comes up. But sometimes that’s impractical. Right now I’m working […]