I got an innocent question last week. We’d been scanning an AIX server with Nexpose, a vulnerability scanner made by Rapid7, and ran into some issues. The system owner then asked a question: The server is behind a firewall and has no direct connection to the Internet and no data itself, it’s just a front-end to two other servers. Is there any reason to scan a server like that?
In my sysadmin days, I asked a similar question. Nobody could give me an answer that was any better than “because reasons.” So I’ll answer the question and give the reasons.
Continue reading Yes, we need to run vulnerability scans inside the firewall
So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9.
The field desperately needs more of us, so I’m happy to share with you how to become someone like me.
Continue reading How to become an Info Assurance Analyst
I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected.
I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not necessarily helpful.
Continue reading Why every breach is different
WordPress occasionally suffers from the dreaded “white screen of death,” where you visit an admin page and, instead of being able to do what you want to do, you get a blank white screen. Meanwhile, the blog continues to function. If you have scheduled posts, they keep going. But with no admin access, the blog essentially becomes a ghost ship.
Several of the causes are pretty well documented, so I’ll talk about mine instead of rehashing old advice you can easily find elsewhere.
Continue reading I fought the white screen, and I won!
I get the occasional query from people who say I should promote my blog more, so that I can get an audience and write a book about this or that, and then I read stuff like this. Basically, writing is getting more and more commoditized, and writers are making less and less, not that they ever made much in the first place. And then I heard on a podcast that the average technical book sells 5,000 copies.
Fifteen years ago, I was in the home stretch of writing a book–my first, and so far only book. All told, I made around $13,000 off that book, between book royalties and publishing derivative articles in magazines, all before taxes, of course. I wrote about 20 hours a week for six months to do it, so, perhaps if I’d made it my full-time gig, I might have been able to make $52,000 a year. But that was when computer books were hot and big-box book stores were booming. I’m not confident I could make $52,000 as an author today.
Continue reading The dwindling writing market
The bane of my existence as a sysadmin was .NET. It would corrupt itself randomly, sometimes taking with it this awful CA product written in .NET that nobody else wanted anything to do with.
In my day I’d reinstall service packs and the latest patches and one of the six things we tried would fix it. I rarely knew which one. But that was five years ago. Today, as long as you’re running .NET 4.5.1 or earlier, Microsoft has an automated tool that repairs it. You can run it as a GUI app or from a command line or script. Curiously, it doesn’t support 4.5.2 yet–maybe that means 4.5.2 doesn’t break. We can dream, right?
Normally I’d say upgrade to 4.5.2 since its end of life is in 2023, as opposed to 2016, but until the fix gets revised to support 4.5.2, I won’t blame you for staying back on 4.5.1. Availability is 1/3 of security, after all.
“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day.
“What, Cygwin’s bash?” I asked.
“No, in CMD.EXE.”
I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parentheses and other reserved characters. Suddenly it made sense. Those cryptic batch files are exploiting the command interpreter to do things that shouldn’t be done. Then I smiled.
Continue reading CMD.EXE and its shellshock-like qualities
I find little, if anything, to disagree with in this tough-love post from Mr. Money Mustache from February: Why the middle-class keeps giving itself the shaft.
I find several takeaways from it.
Continue reading Some tough-love money advice I missed before
I guess Matt Weeks is as sick as I am of tech support scammers, because he developed a way to fight back, in the form of a Metasploit module that exploits a software defect in the AMMYY remote access tool that these scammers sometimes use. Metasploit is a tool that penetration testers use to demonstrate–with permission–how hackable a computer network is. In this case, the would-be victim is penetration testing someone without permission. Run the module when the scammer connects to the would-be victim, and he or she gets a command prompt on the criminal’s PC. At that point, the would-be victim can break the scammer’s computer, perhaps by deleting critical files, corrupting the Windows registry, or something else. Anything you can do from a command prompt would be possible at that point.
I’m anything but heartbroken that this threat exists, although I’m not going to do this myself. Let me explain.
Continue reading A security professional fights back against tech support scammers
From time to time, Windows patches will fail to install because a server doesn’t have enough space to install them. Finding the ginormous files that are hogging all the space on the C drive is really tedious if you do it by clicking around in Windows Explorer, but there’s a better way.
Download the free Sysinternals Du.exe utility and you can find the behemoths in minutes, if not seconds.
Continue reading How to clean up a Windows server
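Here is how that search looks when scripted, as an added example that is not code from the original post. It uses Sysinternals du.exe to rank the top-level folders on a drive by size, then drills into the biggest one with Get-ChildItem to name the individual files responsible. It assumes du.exe is in the current directory or on PATH, that its EULA has already been accepted (run du -accepteula once), that the PowerShell session is elevated so protected folders can be read, and that the Du release in use accepts -nobanner and emits the Path and DirectorySize CSV columns, which current releases do.

```powershell
# Added example (not from the original post): find what is eating a Windows
# server's C: drive. Assumptions: du.exe on PATH, EULA accepted, elevated shell,
# and a Du build that supports -nobanner and the Path/DirectorySize CSV columns.

param(
    [string]$Drive = 'C:\',   # drive or folder to examine
    [int]$Top = 10            # how many entries to show at each stage
)

# -c : CSV output with sizes in bytes, -l 1 : one directory level deep,
# -nobanner : suppress the Sysinternals banner so the CSV parses cleanly.
$csv = & du.exe -c -l 1 -nobanner $Drive 2>$null
if (-not $csv) {
    throw "du.exe produced no output. Is it on PATH, and has the EULA been accepted (du -accepteula)?"
}

$root = $Drive.TrimEnd('\')
$dirs = $csv | ConvertFrom-Csv |
    Where-Object { $_.Path.TrimEnd('\') -ne $root } |        # drop the grand-total row for the root
    Sort-Object { [int64]$_.DirectorySize } -Descending |
    Select-Object -First $Top Path,
        @{ Name = 'SizeGB'; Expression = { [math]::Round([int64]$_.DirectorySize / 1GB, 2) } }

"Largest top-level folders under $Drive"
$dirs | Format-Table -AutoSize

# Second pass: the biggest folder is usually one or two huge files, so list them.
$biggest = $dirs[0].Path
"Largest files under $biggest"
Get-ChildItem -LiteralPath $biggest -Recurse -File -Force -ErrorAction SilentlyContinue |
    Sort-Object Length -Descending |
    Select-Object -First $Top FullName,
        @{ Name = 'SizeGB'; Expression = { [math]::Round($_.Length / 1GB, 2) } } |
    Format-Table -AutoSize
```

Run it as `.\Find-SpaceHogs.ps1 -Drive C:\ -Top 15` (the script name is my own). The usual culprits on a patching-starved server are the Windows Update download cache in C:\Windows\SoftwareDistribution\Download (safe to empty after stopping the wuauserv service), C:\Windows\Temp, and abandoned user profiles; C:\Windows\WinSxS will also rank near the top, but it must be trimmed with `Dism.exe /Online /Cleanup-Image /StartComponentCleanup` rather than by deleting files from it.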