David L. Farquhar, computer security professional, train hobbyist, and landlord
Sometimes you have a long list of IP addresses and need to know which ones are in a particular CIDR range. That’s easy enough to do by hand if it’s a nice, even multiple of 8. But usually it isn’t, so I wrote a simple script to determine if an IP is in a CIDR range.
In days of yore, computer magazines would publish short, useful programs and explain how they worked. That doesn’t happen anymore. Consider this a throwback post.
When you work with Qualys long enough, it’s inevitable that you’ll eventually find them: Zero-day vulnerabilities in software that’s several years old, with no patch available. There’s no easy answer about what to do with them, but here’s some advice for old Qualys zero-day vulnerabilities.
Zero-day vulnerabilities by definition have no vendor-supplied patch. Typically a vendor issues a patch a few days or weeks after a zero-day comes out, but there are a few zero-days from the 2007 timeframe that never got patches released, and those vulnerabilities require another type of mitigation.
Qualys Assetview is the vendor-preferred way to search in Qualys. Admittedly, its Elasticsearch interface is slick. But Assetview doesn’t usually let you search by MAC address even though the field exists. So here’s how to search by MAC address in Qualys using other functionality in the tool.
Qualys Asset Search has the ability to search based on the presence of a QID and its results. So you can search on QID 43007 containing the results of the MAC address you want. If Qualys finds a match, it pulls up the machine you are looking for.
Any time Congress makes it illegal to robocall you, they exempt political calls. That makes it hard to stop unwanted political calls and it pretty much means your phone is going to ring off the hook in the runup to the election. But you can still get peace regardless. Here’s how to stop phone calls from political parties if you don’t want them.
Most robocall services or apps block political robocalls along with all the others. Many of them work with landlines and cell phones. If you have a landline phone that doesn’t work with robocall services, you can still use a device to block the calls.
If you’ve worked in security, or worked with security professionals, chances are you’ve heard about MS08-067. If the discussion was between security and another department, chances are it was a heated discussion. Just how bad is MS08-067? Are the security professionals exaggerating?
MS08-067, a Microsoft patch released on October 23, 2008, fixed the last really reliable remote code execution bug in Windows operating systems. All Windows NT-based operating systems prior to Windows 7 and Windows 2008R2 were susceptible to this vulnerability out of the box. It was an out-of-band release.
I had a discussion with a client last week that brought up the topic of out of band networks. Out of band networks are a good security measure for reducing risk. But what is an out of band network, and what can it do for you?
An out of band network is a separate network, separate from your main network that carries production data. It is a good practice to put management interfaces such as IPMI on an out of band network and require separate authentication to access the network. This allows you to provide access to necessary functionality while reducing the chances of people misusing or abusing it.
Can you listen to cell phone calls with a scanner? Can someone listen to your cell phone calls with a scanner? Depending on who you are, I have good news and bad news.
It’s always been possible to listen to analog cell phone calls with a cheap police scanner. But modern cell phones, including smartphones, are digital and encrypted, so listening to them requires costlier equipment like a Stingray device, limiting cell phone snooping to government agencies and others with huge budgets.
If you’re looking for the least popular people in any given company, the people who push patches probably rank high on that list. I pushed patches for a living for nearly a decade, so I know. I was good at it though. Let’s talk about patch management best practices.
I do a lot of work with CSV files, sometimes very large CSV files, for a living. And sometimes it’s not practical, or possible, to do what I need to do entirely in Excel. Merging files is an example. So here’s how to merge CSV files on various platforms from a command line so you can get it done quickly and efficiently.
Dealing with false positives is a fact of life for a vulnerability analyst. So here are some tips for investigating and dealing with Nessus false positives from a system administrator turned vulnerability analyst. Read more