Qualys false positives

I’m not sure any three words strike more fear into the hearts and minds of security analysts than the words “Qualys false positives.” Some number of false positives is unavoidable. But the perceived number of false positives is usually an order of magnitude larger than the real number. Here’s how to estimate how many you should have, how to investigate them, and how to break the gridlock.

Is Windows 7 safe to use?

Is Windows 7 safe to use? No. Next question? Alright, I guess I need to explain why, without being so dismissive.

Support for Windows 7 ended in January 2020, which means there have been no new public security updates for Windows 7 since. (Microsoft’s paid Extended Security Updates program kept patches flowing to enterprise customers, but only through January 2023.) That means Windows 7 isn’t safe to use, even with a firewall and antivirus.

Kevin Mitnick security awareness training – can you trust him?

A former classmate told me his employer is making him take Kevin Mitnick’s security awareness training course. “Is he really the world’s most famous hacker?” he asked me. “And if he is, why should I trust a word he says?”

Those are excellent questions. I happen to have reviewed all of Kevin Mitnick’s various courses for a previous employer, so I’m familiar with them. And I had to take Kevin Mitnick Security Awareness Training this year myself. I don’t agree with the life decisions Kevin Mitnick made that landed him in prison, of course. But overall, I had only very minor objections to his training. Here’s why.

What is a phreaker in hacking or IT terms?

What is a phreaker in hacking or IT terms? Phreaking is largely obsolete today, but it’s an important historical concept in computer security. While phreaking wasn’t the first form of hacking, it’s probably the first example of hacking in the modern sense.

Phreaking was hacking the phone system, usually to make long distance calls for free. Some people phreaked for the thrill of it, but many of them did it because they made more long distance calls than they could afford. Two famous phreakers from the 1970s were Steve Jobs and Steve Wozniak, the co-founders of Apple.

What is infosec?

When I first started interviewing for security jobs, I remember some of the jargon confusing me. “Infosec” was one of those terms. Getting that first job is hard enough without getting your resume binned over not knowing the word infosec. So what is infosec, what does it stand for, and how do you talk intelligently about it?

Is the Honey Chrome extension safe?

Amazon took some people aback when they said Honey, a company recently bought by PayPal, was a security risk. That raised some questions. Is the Honey Chrome extension safe? Is Honey a security issue? Let’s dig into it.

While it may be difficult or impossible to pinpoint any specific security issue in Honey, that doesn’t necessarily give it the green light. Regardless of how secure it may be, Honey definitely has privacy concerns, and that’s why security experts have concerns about it.

Why we have a cybersecurity talent shortage

We have a cybersecurity talent shortage. You know it, and I know it. But part of the problem is self-inflicted. We don’t know how to interview.

A common complaint about security professionals is that we’re all smug know-it-alls. We have that reputation because that’s precisely the kind of person our interview process is designed to find. We won’t solve the cybersecurity talent shortage and our people skills problem until we get beyond looking for people who can pass CISSP in a suit.

What is fuzzing?

What is fuzzing? Fuzz testing, or fuzzing, is a concept in computer security. As the name suggests, it’s the practice of feeding malformed, random, or otherwise unexpected data to a system to see how it behaves. A good computer system should handle fuzzing gracefully, rejecting bad input without crashing or misbehaving. As you might guess, not all do.

When a computer receives data it doesn’t expect, it may malfunction in unpredictable ways: crash, hang, or corrupt its own state. Fuzzing attempts to find those malfunctions before an attacker does, because a crash on malformed input is often the first sign of an exploitable bug.
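
As an added example (not code from the original post), here is a minimal mutation-based fuzzer in Python run against a toy record parser. Everything in it is constructed for illustration: the record format (a 1-byte type, a 2-byte big-endian length, then the payload), the seed input, the function names, the deliberately unchecked length field in `parse_record`, and the hardened `parse_record_fixed` beside it. The fuzzer treats `ValueError` as a clean rejection and records any other exception as a finding.

```python
"""Minimal mutation-based fuzzer run against a toy record parser.

Added example: the target format, parser and fuzzer are constructed for
illustration and are not from the original post.
"""
import random
import struct

# Constructed sample input: a well-formed record of the toy format
# (1-byte type, 2-byte big-endian length, then `length` payload bytes).
SEED = struct.pack(">BH", 1, 5) + b"hello"


def parse_record(data: bytes):
    """Vulnerable parser: trusts the length field from the input."""
    if len(data) < 3:
        raise ValueError("record too short")          # expected rejection
    rtype, length = struct.unpack(">BH", data[:3])
    payload = data[3:3 + length]
    # Bug: no check that the payload really is `length` bytes long, so a
    # length that exceeds the buffer is accepted and the access below fails.
    last = payload[length - 1] if length else 0      # IndexError on truncated input
    return rtype, payload, last


def parse_record_fixed(data: bytes):
    """Hardened parser: validates the length field before using it."""
    if len(data) < 3:
        raise ValueError("record too short")
    rtype, length = struct.unpack(">BH", data[:3])
    if len(data) < 3 + length:
        raise ValueError("declared length exceeds buffer")   # expected rejection
    payload = data[3:3 + length]
    last = payload[length - 1] if length else 0
    return rtype, payload, last


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, truncation, insertion or overwrite."""
    buf = bytearray(seed)
    op = rng.choice(("flip", "truncate", "insert", "overwrite")) if buf else "insert"
    if op == "flip":
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == "truncate":
        del buf[rng.randrange(len(buf)):]
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    else:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


# Exceptions that mean "input rejected cleanly"; anything else is a finding.
EXPECTED = (ValueError,)


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Run `target` on mutated inputs; return {(exception type, message): input}."""
    rng = random.Random(rng_seed)   # fixed seed so a run is reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except EXPECTED:
            continue
        except Exception as exc:    # a fuzzer wants to catch every crash
            crashes.setdefault((type(exc).__name__, str(exc)), case)
    return crashes


if __name__ == "__main__":
    for name, target in (("vulnerable", parse_record), ("fixed", parse_record_fixed)):
        found = fuzz(target, SEED)
        print(f"{name}: {len(found)} distinct crash(es)")
        for (etype, msg), case in found.items():
            print(f"  {etype}: {msg} <- {case.hex()}")
```

The two design decisions that matter here carry over to real fuzzers: deciding which outcomes count as graceful handling (a clean `ValueError` here; a well-formed error response in a network service) versus a malfunction, and keeping each crashing input so the bug can be reproduced. Against the vulnerable parser a flipped length byte or a truncated payload turns into an `IndexError` within a few dozen iterations; the hardened parser survives the same run with no findings.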

Valid reasons for running unauthenticated vulnerability scans

Authenticated vulnerability scans are usually better than unauthenticated scans, because a scanner that can log in sees installed software versions and configuration that no network probe can. But sometimes there are valid reasons for running unauthenticated vulnerability scans. Here are some reasons you might want to do that.

The main reason to run unauthenticated vulnerability scans is to limit the information you share with people outside your organization, such as auditors. But they are also helpful for preparing for penetration tests, since they show you roughly what an attacker with no credentials would see.

How to view your Twitter inferred interests

Social media infers a lot about you. After all, if the service is free, you’re the product. Here’s how to view your Twitter inferred interests and see what Twitter thinks it knows about you.
