How bad is MS08-067?

How bad is MS08-067?

If you’ve worked in security, or worked with security professionals, chances are you’ve heard about MS08-067. If the discussion was between security and another department, chances are it was a heated discussion. Just how bad is MS08-067? Are the security professionals exaggerating?

MS08-067, a Microsoft patch released on October 23, 2008, fixed the last really reliable remote code execution bug in Windows operating systems. All Windows NT-based operating systems prior to Windows 7 and Windows 2008R2 were susceptible to this vulnerability out of the box. It was an out-of-band release.

Read more

What is an Out of Band Network?

What is an Out of Band Network?

I had a discussion with a client last week that brought up the topic of out of band networks. Out of band networks are a good security measure for reducing risk. But what is an out of band network, and what can it do for you?

An out of band network is a separate network, separate from your main network that carries production data. It is a good practice to put management interfaces such as IPMI on an out of band network and require separate authentication to access the network. This allows you to provide access to necessary functionality while reducing the chances of people misusing or abusing it.

Read more

Can you listen to cell phone calls with a scanner?

Can you listen to cell phone calls with a scanner?

Can you listen to cell phone calls with a scanner? Can someone listen to your cell phone calls with a scanner? Depending on who you are, I have good news and bad news.

It’s always been possible to listen to analog cell phone calls with a cheap police scanner. But modern cell phones, including smartphones, are digital and encrypted, so listening to them requires costlier equipment like a Stingray device, limiting cell phone snooping to government agencies and others with huge budgets.

Read more

PIF file type meaning

When it comes to file types you should never trust, PIF belongs high on the list. PIF used to be an important file type, but it’s largely obsolete today. But if you’re curious, here’s the PIF file type meaning.

Get ready for a trip down computing history lane. But this once-important file format is risky today. In all honesty, it’s largely outlived its usefulness in most instances.

Read more

Cyber security and cryptography

Cyber security and cryptography

Cryptography is one of the more difficult concepts to master when studying for a certification like CISSP. I know from my own experience it’s really easy to let the details overwhelm you. After seeing an acquaintance’s Linkedin post, I thought I’d write about cyber security and cryptography and what you really need to know.

Let me start with one thing. I have never, ever had to encode or decode anything by hand. I’m very confident I can stay employed another 20 years in the cyber security field and never have to do the math myself.

Read more

WordPress Appliance - Powered by TurnKey Linux