What defense in depth is in information security

Defense in depth is a phrase you hear often in information security. It is also frequently misunderstood. In this blog post, I’ll provide links to a couple of examples of defense in depth and offer some insight into the mindset behind it, because more than anything else, defense in depth is a mindset, and seeing examples alone is not enough to grasp it.

ManageEngine Patch Manager review: Just what you needed

I’ve been evaluating Zoho ManageEngine Patch Manager, and so far I like what I see. It is a capable patch deployment tool that supports Windows, Linux, and Macintosh, and crucially, it will deploy updates for third-party applications, including open source applications, both popular and obscure.

Hosts file to stop Windows from spying on you

Modern versions of Windows collect a huge amount of telemetry on you. But running older versions of Windows puts you at greater security risk, and running another OS may not always be feasible. For those situations, it’s possible to use a hosts file to stop Windows from spying on you.

Protect your scanning credentials with defense in depth

A common objection I hear to scanning systems with credentials is the fear of that scanning account being compromised. In this blog post, I will talk about ways to mitigate that risk using defense in depth. I will also explain why scanning with credentials is itself a vital component of defense in depth.

Mitigate curl vulnerabilities on Windows

Microsoft’s monthly Windows updates include a binary copy of the open source utility curl. Microsoft is not especially diligent about keeping that copy up to date, and it takes measures to stop you from updating it yourself. In this blog post, I’ll talk about how to mitigate curl vulnerabilities when you can’t fix them with a patch.

CVE-2023-23378 Print 3D RCE remediation

The official fix for CVE-2023-23378 is to install 3D Builder from the Microsoft Store, as Microsoft deprecated Print 3D. A better, more scalable fix is to uninstall the vulnerable component with a PowerShell command.

I get a fair number of questions about vulnerabilities in Microsoft Store apps in my day job, so I share my notes and observations in case they’ll help other people as well.

CVE-2023-36739 Microsoft 3D Viewer Remote Code Execution remediation

If you’re dealing with remediation for CVE-2023-36739, CVE-2023-36740, and CVE-2023-36760, the Microsoft 3D Viewer code execution vulnerabilities, the best way to do it, assuming you’re not using the app, is to uninstall it. Here’s why this is OK to do, and how to do it. Fixing Windows Store vulnerabilities is hard, and Microsoft 3D Viewer has a history of high severity vulnerabilities dating back to October 2020, so uninstalling it can save you future remediation work.

I get a fair number of questions about vulnerabilities in Microsoft Store apps in my day job, so I share my notes and observations in case they’ll help other people as well.

Whitelist vs blacklist

I’m not a big fan of the whitelist and blacklist terminology. The language is potentially harmful, but beyond the racial implications, it’s also unclear. In this blog post, I’ll go over the traditional meaning of whitelist vs blacklist, and you’ll see why I say the alternative, dare I say progressive, terminology is also much clearer.

CVE-2023-33140 OneNote Spoofing remediation

If you need to remediate CVE-2023-33140, the OneNote spoofing vulnerability, the best way to do it is to uninstall OneNote. Here’s why this is OK to do, and how to do it. Fixing Windows Store vulnerabilities is hard.

Force a Nessus agent scan on demand

Tenable’s Nessus agent has a fair bit of underappreciated power. The ability to force a Nessus agent scan on demand is a feature I hear people ask for a lot, without knowing the capability already exists. There’s a bit of setup that needs to happen in the cloud, but once that is done, a sysadmin can perform a scan on demand from the host.

You can force a Tenable Nessus Agent scan on demand by dropping a file into a user-specified location, or by running the nessuscli command.