All posts tagged sysadmin

Yes, we need to run vulnerability scans inside the firewall

I got an innocent question last week. We’d been scanning an AIX server with Nexpose, a vulnerability scanner made by Rapid7, and ran into some issues. The system owner then asked a question: The server is behind a firewall and has no direct connection to the Internet and no data itself, it’s just a front-end to […]

How to become an Info Assurance Analyst

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. The field desperately needs more of us, so I’m happy to share with you how to become […]

Why every breach is different

I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected. I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not […]

I fought the white screen, and I won!

WordPress occasionally suffers from the dreaded “white screen of death,” where you visit an admin page and, instead of being able to do what you want to do, you get a blank white screen. Meanwhile, the blog continues to function. If you have scheduled posts, they keep going. But with no admin access, the blog […]

The dwindling writing market

I get the occasional query from people who say I should promote my blog more, so that I can get an audience and write a book about this or that, and then I read stuff like this. Basically, writing is getting more and more commoditized, and writers are making less and less, not that they […]

Fixing the .NET Framework when it b0rks on you

The bane of my existence as a sysadmin was .NET. It would corrupt itself randomly, sometimes taking with it this awful CA product written in .NET that nobody else wanted anything to do with. In my day I’d reinstall service packs and the latest patches and one of the six things we tried would fix […]

CMD.EXE and its shellshock-like qualities

“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day. “What, Cygwin’s bash?” I asked. “No, in CMD.EXE.” I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parenthesis and other reserved characters. Suddenly it made sense. Those […]

Some tough-love money advice I missed before

I find little, if anything, to disagree with in this tough-love post from Mr. Money Mustache from February: Why the middle-class keeps giving itself the shaft. I find several takeaways from it.

A security professional fights back against tech support scammers

I guess Matt Weeks is as sick as I am of tech support scammers, because he developed a way to fight back, in the form of a Metasploit module that exploits a software defect in the AMMYY remote access tool that these scammers sometimes use. Metasploit is a tool that penetration testers use to demonstrate–with permission–how […]

How to clean up a Windows server

From time to time, Windows patches will fail to install because a server doesn’t have enough space to install them. Finding the ginormous files are that are hogging all the space on the C drive is really tedious if you do it by clicking around in Windows Explorer, but there’s a better way. Download the free Sysinternals […]