security

Advantages of Windows 10

Dave Farquhar security, Windows , , ,
Advantages of Windows 10

Now that Windows 10 is out, the questions I see most frequently are why someone should upgrade, or what benefits they get if they upgrade, or if there indeed is such thing as advantages to Windows 10.

While I understand the skepticism, and I think most people probably should wait a few months before upgrading a Windows 7 machine that’s working well, there are a number of compelling things Windows 10 has to offer.

Read more

Hacktivism is real, and getting more dangerous

Dave Farquhar security ,

Lost in the stories of last week was a story I really don’t want to talk about, but I have to: Planned Parenthood got hacked, and a database of its employees was stolen.

I don’t want to talk about it because the risk is this story becoming about abortion rather than about security. But it brings up a real problem: Now we know that political activists have the desire and the ability to hack into organizations they disagree with.

Read more

Five things security experts do vs. five things non-experts do

Dave Farquhar security , , , ,

There was a fair bit of talk last week about a study that compared security advice from security experts versus security advice from people who are at least somewhat interested but don’t live and breathe this stuff.

There were significant differences in the answers, and a lot of security professionals panned the non-expert advice. I don’t think the non-expert advice was necessarily bad. Mostly it was out of date.

Read more

Droidpocalypse? Josh Drake says no.

Dave Farquhar Android, security , , , , , , , ,

Josh Drake, the researcher who discovered the Stagefright vulnerability in Android that lets an attacker hack into an Android device by sending a specially crafted picture or video in a text message, was on the Risky Business security podcast this week to talk about it. What he had to say was interesting.

Patrick Gray, the host, tends to be a pretty outspoken critic of Android and isn’t shy about talking up Apple. He tried to get Drake to say Android is a trainwreck, security-wise, but Drake wouldn’t say it. Drake actually went as far as to say he thinks Android and IOS are fairly close, security wise.

So why do we see so many more Android bugs? Drake had an answer.

Read more

How to keep your Android from being hacked by a text message

Dave Farquhar Android, security ,

In case you haven’t heard, it’s possible to hack into about a billion Android phones by sending them a text message with a specially crafted picture or video attached.

Google has a fix. The carriers and phone makers are taking their sweet time pushing it out. They may never do it. Here’s how to protect yourself.

Read more

uBlock settings for better malware protection

Dave Farquhar security , , , ,

I have some easy uBlock settings to improve how it protects you against malware. You don’t think of ad blockers as a security tool? I do. It’s a good idea to use one even if you configure it to allow most ads through.

My favorite ad-blocking extension for Chrome is uBlock, because it’s faster and more resource friendly than the better-known Adblock Plus. It also comes configured by default to block known malicious sites, where Adblock Plus makes you dig for that feature.

But it’s still possible to tweak uBlock to give you even better protection against malware, and that’s a good thing. It’s one thing to detect malware and block it after you download it. But it’s even better to detect and block it before you download it in the first place. That keeps you safe if your antivirus software is slow to update for any reason.

Read more

Looking for a career change? Consider web app pentesting

Dave Farquhar Retro Computing, security , , , , , ,

IT jobs aren’t as easy to come by as they were 20 years ago, but web app pentesting is one subset of the field that I don’t see slowing down any time soon. Unfortunately it’s a poorly understood one.

But if you spent any significant time in the 1980s or early 1990s abusing commercial software, especially Commodore and Apple and Atari and Radio Shack software, I’m looking at you. Even if you don’t know it, you’re uniquely qualified to be a web app pentester.

Read more

Stunt Hacking: Why Charlie Miller hacked a Jeep driving on I-64

Dave Farquhar security , , , , ,

St. Louis-based security researcher Charlie Miller and his collaborator Chris Valasek got themselves in the news this week by hacking a Jeep driven by Wired journalist Andy Greenberg on I-64.

The reaction was mixed, but one common theme was, why I-64, where lives could have been at risk, rather than an abandoned parking lot?

I don’t know Miller or Valasek, so it goes without saying I don’t speak for either one of them, but I think I have a pretty good idea why they did it that way.

Read more

How to mitigate MS15-078 or future Microsoft font driver vulnerabilities

Dave Farquhar security , , , , , , ,

Microsoft rushed out an out-of-band patch, MS15-078, to deal with active exploits in their font driver yesterday. Since pushing out patches takes time, my boss asked me what we could do to mitigate the issue in the meantime.

The biggest threat, by far, is exploit-bearing fonts being downloaded from web sites. Ideally you only install trusted fonts from trusted sources locally on your workstations, right? If not, I suggest you start that practice as well.

You have a couple of options when it comes to blocking fonts in browsers.

Read more

Expect a rough road ahead for Flash

Dave Farquhar security , , , , , , , , , ,

Adobe has patched Flash twice in two weeks now. The reason for this was due to Hacking Team, an Italian company that sells hacking tools to government agencies, getting hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.

That’s why Adobe is having a bad month.

Read more