What happened to NCIX

NCIX was a Canadian computer retailer, similar in concept to Fry’s or Micro Center. It went out of business in 2017 and its data was breached in 2018. Here’s what happened to NCIX.

Why physical destruction of RAM is sometimes necessary

I found this photograph along with the question about its intent. The photo was a RAM module with holes drilled in it. The person who posted the photograph asked a very valid question as to why physical destruction of RAM is necessary.

SCCM vs WSUS

Since I work for a vulnerability management company, I get tons and tons of questions about patch management. I don’t speak for my employer, and they probably don’t have an opinion since neither product comes close to meeting their needs. But I’m glad to share what I know. Recently, someone asked me which is better, SCCM or WSUS. My answer probably was not what they were expecting me to say.

What defense in depth is in information security

Defense in depth is a common phrase you hear in information security. It’s also frequently misunderstood. In this blog post, I’ll provide links to a couple of examples of defense in depth, and provide some insights into the mindset. Because more than anything else, defense in depth is a mindset that takes more than seeing examples to grasp.

Manage Engine Patch Manager review: Just what you needed

I’ve been evaluating Zoho Manage Engine Patch Manager, and so far I like what I see. It is a capable patch deployment tool that supports Windows, Linux, and Macintosh, and crucially, it will deploy patches for third-party applications, including open source applications, both popular and obscure.

Hosts file to stop Windows from spying on you

Modern versions of Windows collect a huge amount of telemetry on you. But running older versions of Windows puts you at greater security risk, and running another OS may or may not always be feasible. So for those instances, it’s possible to use a hosts file to stop Windows from spying on you.

Protect your scanning credentials with defense in depth

A common objection I hear to scanning systems with credentials is the fear of that account getting compromised. In this blog post, I will talk about ways to mitigate that risk using defense in depth. I will also explain why scanning with credentials is itself a vital component of defense in depth.

Mitigate curl vulnerabilities on Windows

Microsoft’s monthly Windows updates include a binary copy of the open source utility curl. Microsoft is not especially diligent about keeping the utility up to date, and they take measures to stop you from updating it yourself. In this blog post, I’ll talk about how to go about mitigating the vulnerabilities when you can’t update with a patch.

CVE-2023-23378 Print 3D RCE remediation

The official fix for CVE-2023-23378 is to install 3D Builder from the Microsoft App Store, as Microsoft deprecated Print3D. A better, more scalable fix is to uninstall the vulnerable component with a PowerShell command.

I get a fair number of questions about vulnerabilities in Microsoft Store apps in my day job, so I share my notes and observations in case they’ll help other people as well.

CVE-2023-36739 Microsoft 3D Viewer Remote Code Execution remediation

If you’re dealing with CVE-2023-36739, CVE-2023-36740, and CVE-2023-36760 Microsoft 3D Viewer Code Execution remediation, the best way to do it, assuming you’re not using the app, is to uninstall it. Here’s why this is OK to do, and how to do it. Fixing Windows Store vulnerabilities is hard. And Microsoft 3D Viewer has a history of high severity vulnerabilities dating back to October 2020, so uninstalling it can save you future remediation work.

I get a fair number of questions about vulnerabilities in Microsoft Store apps in my day job, so I share my notes and observations in case they’ll help other people as well.
