Does HTTPS matter? Yes. Here’s why.

“Does HTTPS matter?” a friend of a friend asked. “I heard it does. Is that still true?” Yes, yes, and yes. Here’s why.

HTTP connections are unencrypted. HTTPS connections are encrypted. You can tell when you’re using HTTPS because the URLs start with https:// instead of http://, and your location bar will have a lock in it. Encryption is good.

How a dictionary attack works

A dictionary attack is a common way to steal a password. Here’s how a dictionary attack works, in layperson’s terms. More importantly, here’s how to beat the attack.

A dictionary attack is a much more efficient alternative to brute force hacking, but it requires a local copy of the user database to work. That usually means stealing the database first, if a bad guy is doing it. But nothing stops a company from doing a dictionary attack on its own user accounts to make sure people aren’t using insecure passwords. It’s unusual, but not unheard of.

Best free antivirus

What’s the best free antivirus? I have an answer that may surprise you. I also have a supplement that may surprise you. And I have a third supplement you already have but probably never heard of.

Keep something in mind. I don’t like using words like “good” and “best” in the same sentence as antivirus software. Imagine a college graduating class whose valedictorian is Chris Farley’s character from the movie Tommy Boy. What you want from your antivirus software is something that doesn’t do a lot of damage.

Splunk vs Loglogic: Battle of the logs

If you need a centralized logging solution for your business, you’ll need to consider Splunk vs Loglogic. I have experience with both in corporate environments.

I guess you can say I spent a lot of time configuring and waiting on Loglogic. I spent a little time configuring Splunk and a lot of time turning the data inside it into knowledge.

Is my IT department spying on me?

There’ve been some stories floating around about how to make your IT department spy on you. The advice is good. The question you may be asking is how much does your IT department really know? Or, more directly, is my IT department spying on me?

I can’t answer the second question with certainty. But the answer to the first question is a lot. I’ll tell you a story.

Clean malware from a router

I see a few misleading articles out there promising to tell you how to scan your router for malware or viruses. Unfortunately they don’t really explain the problem. They also don’t explain the alternative way to solve the problem you want to solve. What you really want to do is clean malware from a router–and viruses too. And that’s something you can do pretty easily. For free.

Yes, that’s right. You won’t have to pay 50 bucks a year for a subscription to keep your router clean.

Using the DD-WRT firewall

I get a lot of questions about the DD-WRT firewall. There’s a lot of talk out there that goes deep into theory and advanced firewall usage, but what if you just want to know how to set up your firewall to protect your network and open up a few ports?

Here’s how to set that up.

Note: If you have multiple DD-WRT boxes running as access points like I do, only the one directly plugged into the Internet needs to be configured this way. Disable the SPI firewall on your internal access points.

SQL injection explained

I’ve never seen SQL injection explained really well, until one of my coworkers did just that. I’m going to try to repeat his explanation here, because SQL injection is something that everyone seems to expect everyone else to just know.

SQL injection (sometimes abbreviated SQLi) is the technical term for getting a form in a web site to run SQL commands when it shouldn’t. You need to know this if you get into vulnerability management and especially web app pen testing. Here’s what it is and how and why it works.

How to become a Technical Account Manager

Almost as soon as I became a Technical Account Manager, I started getting questions about how to become one. I understand why; if you have the right level of experience, it’s a good job. The work tends to be pretty interesting and varied without a lot of tedious and repetitive tasks, and the job can pay well.

What is vltov1?

On the afternoon of July 5, 2016, a mysterious directory called vltov1 appeared in the filesystem of my web server. A few files on my site changed, and soon my blog crashed, due to changes I’d made in the database structure.

Something connected to this vltov1 was trying to hack my site further, but had made some assumptions based on me running WordPress that happened to be wrong.
