Tag Archives: servers

Microsoft looks back at MS08-067

The most infamous Microsoft patch of all time, in security circles at least, is MS08-067. As the name suggests, it was the 67th security update that Microsoft released in 2008. Less obviously, it fixed a huge problem in a file called netapi32.dll. Of course, 2008 was a long time ago in computing circles, but not far enough. I still hear stories about production servers that are missing MS08-067.

Last week, Microsoft took a look back at MS08-067, sharing some of its own war stories, including how they uncovered the vulnerability, developed a fix, and deployed it quickly. It’s unclear who besides Microsoft knew about the problem at the time, but one must assume others were aware of it and using it. They certainly were after the fall of 2008.

Continue reading Microsoft looks back at MS08-067

Stream media from Windows Media Player to Android

Maybe I’m the only one, but I spent decades collecting CDs, and while some of my stuff is as common and ordinary as it gets, some of it isn’t on any of the streaming services and probably never will be because there were exactly two other people alive who liked it.

I ripped most of them with Windows Media Player and stored them on my PC with the biggest drive. But that’s not necessarily where I want to listen to music from. Media Player can stream between multiple PCs, but it can also stream to an Android phone or tablet, which, in many cases, is even more convenient.

Continue reading Stream media from Windows Media Player to Android

What you can learn about corporate networks from the Jeep hack

I’ve talked before about the infamous Jeep hack, but there’s more to learn from it than just that cars are vulnerable. The way Charlie Miller and Chris Valasek hacked the Jeep has implications for any computer network.

Continue reading What you can learn about corporate networks from the Jeep hack

Looking for a career change? Consider web app pentesting

IT jobs aren’t as easy to come by as they were 20 years ago, but there’s one subset of the field that I don’t see slowing down any time soon. Unfortunately it’s a poorly understood one.

But if you spent any significant time in the 1980s or early 1990s abusing commercial software, especially Commodore and Apple and Atari and Radio Shack software, I’m looking at you. Even if you don’t know it, you’re uniquely qualified to be a web app pentester.

Continue reading Looking for a career change? Consider web app pentesting

Stunt Hacking: Why Charlie Miller hacked a Jeep driving on I-64

St. Louis-based security researcher Charlie Miller and his collaborator Chris Valasek got themselves in the news this week by hacking a Jeep driven by Wired journalist Andy Greenberg on I-64.

The reaction was mixed, but one common theme was, why I-64, where lives could have been at risk, rather than an abandoned parking lot?

I don’t know Miller or Valasek, so it goes without saying I don’t speak for either one of them, but I think I have a pretty good idea why they did it that way.

Continue reading Stunt Hacking: Why Charlie Miller hacked a Jeep driving on I-64

Need a good, cheap dual gigabit NIC? I have just the thing.

If you need gigabit ports for your home server or router project and you’re short on available expansion slots, I have just the thing. Home sysadmins have known for a while that you can get cheap PCI-X Intel NICs and run them in PCI mode, but you may not know that you can find the very same thing by searching Ebay for HP 7170 and it’s usually cheaper. It’s not rare to find them for $7, shipped.

Continue reading Need a good, cheap dual gigabit NIC? I have just the thing.

How hard-coding your DNS can improve your security

I’ve long recommended hard-coding your DNS settings as a performance and reliability enhancement–here’s my guide for that–but it turns out it can be a security enhancement too.

Botnets targetting routers aren’t new at all, but there’s a particularly nasty one named Moose running around right now. Among other things, it changes routers’ DNS settings to point to rogue DNS servers that allow the attackers to steal your social media credentials, furthering the bot. Continue reading How hard-coding your DNS can improve your security

Data breaches don’t cost anything–so here’s why they matter

What seems like a million years ago, when Sony Pictures got breached, some pundits were predicting that was the end of the company. I always thought that was hyperbole, but I have to admit I never went to the extreme of saying breaches are nearly harmless, which seems to be the current popular thinking.

Indeed, a financial analyst went on the Down the Security Rabbit Hole podcast and said breaches are an investment opportunity. Just buy the dip.

Continue reading Data breaches don’t cost anything–so here’s why they matter

Hillary, hackers, threats, and national security

I got a point-blank question in the comments earlier this week: Did Hillary Clinton’s home-made mail server put national secrets at risk of being hacked by our enemies?

Depending on the enemies, maybe marginally. But not enough that any security professional that I know of is worried about it. Here’s why.

Continue reading Hillary, hackers, threats, and national security