In defense of Intel, a little

So, if you haven’t heard about Spectre and Meltdown, you can read my analysis over at my employer’s blog. I won’t compete with them. Let’s talk about the heat Intel is taking over this, and why I think it’s at least slightly unfair.

Microsoft Windows unquoted service path enumeration fix

Tenable plugin 63155 and Qualys QID 105484 reference a high-severity vulnerability regarding unquoted search paths. Unfortunately the fix action tends to be a bit vague. If you’re looking for a way to fix the Microsoft Windows unquoted service path enumeration, you’ve come to the right place. Here’s how to fix an unquoted path for Windows services.

How long to study for CISSP

People frequently ask me how long to study for CISSP. Unfortunately it’s hard to give a set answer for that, but I can tell you how to figure out how long you need to study for it. That’s almost as good.

Don’t believe anyone who tells you they can get you ready in x number of days or weeks or even months. No one can know where you are relative to what you need to know to pass that test.

What does a CISSP do?

A CISSP is a professional certification. To attain CISSP, a professional must pass a six-hour, 250-question test and must have five years of professional experience doing work related to computer security. But after attaining the certification, what does a CISSP do?

An easy question on the test would involve what you have to be concerned about when running network cable through an HVAC duct. A medium-difficulty question might ask whether the CDMA or GSM standard for cell phones is more secure, and why. A hard question or series of questions would involve reading several pages of executive summary about a data breach and making recommendations to prevent it from happening again.

How to get a job in information security

I got involved in a pair of conversations in the last week. One person complained that there’s a job shortage in information security but she can’t get one. Another complained there’s a job shortage in information security and he can’t find qualified candidates to fill them. In that spirit, here’s my advice on how to get a job in information security.

Difference between antivirus and antimalware

The difference between antivirus and antimalware is largely academic, but understanding it can help you understand what protection you’re getting when you buy off-the-shelf security software.

I have to explain it myself pretty frequently, because people will see the word “antimalware” in my employer’s product brochures and they immediately say, “Tell me about your antivirus.”

Add SSL to WordPress

I had to add SSL to WordPress recently. I’d tried it before without success, but this time it was surprisingly easy. My downtime was minutes, at most, and I saw a small bump in traffic within days.

My walkthrough assumes you are running WordPress on Linux and you have shell access. It will be different on other setups.

How hard is Security+?

Many jobs require Security+, and even if a job doesn’t require it, having Security+ can help you break into your first security job. So how hard is Security+?

Even if you don’t work in security, but work with security, say, as a system administrator, having Security+ is helpful, as it can help you understand why a security analyst is asking for something. When you understand motive, then the relationship can move from following orders to something more collaborative, which is always a good thing.

The update is already installed on this system

I had an update on my work laptop in a partially installed state. Our vulnerability scanner determined one file, MSO.dll, was still out of date. It recommended a patch to apply. Running it gave me an error message. Here’s what to do when Windows says the update is already installed on this system and refuses to let you do anything but click OK.

Because hey, from a security analyst’s point of view, this is anything but OK. I get questions about patches in a partially deployed state all the time, so I figured I’d write about it. Here’s what I do when security updates fail to apply with this error.

Finding and blocking an abusive host from your Apache log

My web site slowed to a crawl last night, my CPU usage soared to 100%, and my built-in security measures weren’t helping. I ended up having to do some old-school Linux sysadmin work to stop them.

I haven’t been an everyday sysadmin since 2009. But every once in a while I can still come off the bench and do this stuff.
