Hash collisions in computer security
Last week, Robin of the YouTube channel 8-bit Show and Tell wondered out loud on Twitter why Chrome flags Netracer 1.1, a modern indie Commodore 64 game, as malware. I think this is a classic case of hashing algorithms having gone wrong. In this blog post, I’ll explain what a hash collision is, using this collision of my hobby of retro computing and my day job of information security as an example.

Resume hacks for your first security job

I conduct a fair number of interviews, and that means I see a lot of resumes. In my most recent round of interviews, I was interviewing intern candidates. There was absolutely nothing wrong with their resumes. They built exactly the type of resumes their counselors tell them to. In this blog post, I’ll tell you what your counselors in school aren’t telling you about resumes, including hacks to help you land your first security job.

You don’t need cyber threat intelligence. Buy this instead

Last week I saw another hot take on Twitter. This Twitter influencer asserted that for most organizations, Cyber Threat Intelligence (CTI) is a waste of money and they would be better off spending that money elsewhere. In this blog post, I will dig into this argument, including what proper use of Cyber Threat Intelligence looks like.

Is CISSP worth it in 2024? How to know

I’ve had two different people ask me in the last month if CISSP is still worth it in 2024. I have mixed feelings, so in this blog post, I’ll explore this complicated question so you can decide if CISSP is still worth it for you.

Wireshark security risk and how to manage it

A couple of social media influencers got into an argument over banning Wireshark in corporate environments because Wireshark is a security risk. While I don’t like getting involved in this type of drama, the argument does raise an important point in information security and vulnerability management. It’s very important as a security professional not to overplay the hand you’re dealt.

How Tenable sets plugin severity

How Tenable sets plugin severity is a question customers have been asking me for years, dating back to the days I worked for Tenable partners. It can be a bit complicated, so in this blog post I will explain what goes into Tenable plugin severity.

What peer benchmarking is in vulnerability management

Successful vulnerability management is deceptively simple. It comes down to being able to answer yes to two questions: Are you fixing the right things? And are you fixing them fast enough? But how fast is fast enough? In this blog post, I’ll explain how I use peer benchmarking to help companies figure out how fast is fast enough. I’ll also explain how to know if your security policies are less popular than speed limit laws, and why that will make them fail.

What happened to NCIX

NCIX was a Canadian computer retailer, similar in concept to Fry’s or Micro Center. It went out of business in 2017 and its data was breached in 2018. Here’s what happened to NCIX.

Why physical destruction of RAM is sometimes necessary

I came across this photograph along with a question about its intent. The photo showed a RAM module with holes drilled through it. The person who posted the photograph asked a very valid question: why is physical destruction of RAM necessary?

SCCM vs WSUS

Since I work for a vulnerability management company, I get tons and tons of questions about patch management. I don’t speak for my employer, and they probably don’t have an opinion since neither product comes close to meeting their needs. But I’m glad to share what I know. Recently, someone asked me which is better, SCCM or WSUS. My answer probably was not what they were expecting me to say.