How to mitigate MS15-078 or future Microsoft font driver vulnerabilities

Microsoft rushed out an out-of-band patch, MS15-078, to deal with active exploits in their font driver yesterday. Since pushing out patches takes time, my boss asked me what we could do to mitigate the issue in the meantime.

The biggest threat, by far, is exploit-bearing fonts being downloaded from web sites. Ideally you only install trusted fonts from trusted sources locally on your workstations, right? If not, I suggest you start that practice as well.

You have a couple of options when it comes to blocking fonts in browsers.

Health insurance between jobs

I recently changed jobs, and although I’ve dealt with gaps in medical coverage before, I didn’t anticipate everything this time. Let’s talk about what to do for health insurance between jobs. And let’s talk coverage too; they aren’t always the same thing.

First things first: gaps are likely, and the laws are written under the assumption that small gaps will happen. The system still isn’t what I would call fair, not that it ever has been, but generally it’s possible to navigate the system and get the coverage you need. I’m not here to complain about the system; I’m here to tell you what I did, or could have done, to navigate it.

Yes, an ethical journalist protects his/her sources

An anonymous reader asked why journalists protect their sources.

It’s a fair question but an easy one to answer. Part of a journalist’s role in society is accountability. When something is wrong, the journalist is supposed to raise awareness.

Why this latest attempt to resurrect the Commodore brand will probably flop

The Commodore brand is back again, this time on an Android smartphone. For a premium price, you get an Android 5.0 phone with the Commodore logo on it, preloaded with VICE and an Amiga emulator, which, between the two of them, emulate just about everything Commodore ever made, except, perhaps, the products that can be emulated with the Android calculator app.

But I don’t expect this attempt to be any more successful than earlier efforts to resurrect the brand.

Expect a rough road ahead for Flash

Adobe has patched Flash twice in two weeks now. The reason is that Hacking Team, an Italian company that sells hacking tools to government agencies, got hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.

That’s why Adobe is having a bad month.

What to look for in a performance SSD

The Register has a nice writeup on performance SSDs. The only problem is that performance is really a matter of diminishing returns, and The Reg didn’t report on random I/O.

Why you can’t get to Google and Facebook on AT&T U-Verse

If you have AT&T U-Verse, from time to time you may have issues with Facebook or Google sites like YouTube not working, while the rest of the Internet works fine.

The solution is simple but non-obvious: Disable IPv6.

My sons and the chiropractor

I take my sons to the chiropractor once a month. Their fame precedes them, and for good reason.

How do you conduct yourself as a security professional?

At a recent job interview, the CISO asked me a really good question that I wish more people would ask.

He asked me how I conduct myself as a security professional when dealing with the rest of IT.

Work-life integration vs. work-life balance

I wanted to bring up another subtopic from Dr. Ellen Langer’s interview on the Social Engineer podcast: work-life integration. It’s important to consider work-life integration vs. work-life balance.

Dr. Langer stated that work-life balance is inherently unhealthy, because the idea creates a notion that you have to be one person at home and a completely different person at work. She didn’t put it this bluntly, but essentially it means living a lie at least part of the time. She did say nobody should want to live life like that.
