If you’ve worked in security, or worked with security professionals, chances are you’ve heard about MS08-067. If the discussion was between security and another department, chances are it was a heated discussion. Just how bad is MS08-067? Are the security professionals exaggerating?
MS08-067, a Microsoft patch released on October 23, 2008, fixed the last really reliable remote code execution bug in Windows operating systems. All Windows NT-based operating systems prior to Windows 7 and Windows 2008R2 were susceptible to this vulnerability out of the box. It was an out-of-band release.
I had a discussion with a client last week that brought up the topic of out of band networks. Out of band networks are a good security measure for reducing risk. But what is an out of band network, and what can it do for you?
An out of band network is a separate network, separate from your main network that carries production data. It is a good practice to put management interfaces such as IPMI on an out of band network and require separate authentication to access the network. This allows you to provide access to necessary functionality while reducing the chances of people misusing or abusing it.
Can you listen to cell phone calls with a scanner? Can someone listen to your cell phone calls with a scanner? Depending on who you are, I have good news and bad news.
It’s always been possible to listen to analog cell phone calls with a cheap police scanner. But since modern cell phones, including smartphones, are digital, you can’t listen to those calls with a scanner. It requires costlier equipment like a Stingray device, or something similar that grabs the digital signal and decrypts it. That limits cell phone snooping to government agencies and other people with huge budgets.
If you’re looking for the least popular people in any given company, the people who push patches probably rank high on that list. I pushed patches for a living for nearly a decade, so I know. I was good at it though. Let’s talk about patch management best practices.
I do a lot of work with CSV files, sometimes very large CSV files, for a living. And sometimes it’s not practical, or possible, to do what I need to do entirely in Excel. Merging files is an example. So here’s how to merge CSV files on various platforms from a command line so you can get it done quickly and efficiently.
Dealing with false positives is a fact of life for a vulnerability analyst. So here are some tips for investigating and dealing with Nessus false positives from a system administrator turned vulnerability analyst. Read more
When it comes to file types you should never trust, PIF belongs high on the list. PIF used to be an important file type, but it’s largely obsolete today. But if you’re curious, here’s the PIF file type meaning.
Get ready for a trip down computing history lane. But this once-important file format is risky today. In all honesty, it’s largely outlived its usefulness in most instances.
Cryptography is one of the more difficult concepts to master when studying for a certification like CISSP. I know from my own experience it’s really easy to let the details overwhelm you. After seeing an acquaintance’s Linkedin post, I thought I’d write about cyber security and cryptography and what you really need to know.
Let me start with one thing. I have never, ever had to encode or decode anything by hand. I’m very confident I can stay employed another 20 years in the cyber security field and never have to do the math myself.