In defense of telework

I work from home one day a week. Most of my coworkers do as well.

So I was interested when I read about Yahoo! doing! away! with! telecommuting! (with apologies to The Register. I couldn’t resist.)

Is powerline networking secure?

Is powerline networking secure? It can be, but just like wireless, you have to set it up securely. Here’s what you need to know about powerline networking security.

Firefox 19 is a big security improvement

Mozilla quietly released Firefox 19 this week. Its biggest selling point is a built-in PDF viewer (as Google Chrome has), which makes me more comfortable than having Acrobat Reader installed; Mozilla is generally faster at fixing security holes than Adobe. Besides that, the built-in reader is fast. No waiting for Acrobat to launch. Short documents like IRS form 1040 display very quickly, though it wasn’t so crazy about me throwing the 237-page NIST 800-53 (if you’d like some light reading) at it. I closed the tab and revisited it, and it loaded the second time.

So this is an update you want. You may be wise to wait a day or two for it to stabilize (Firefox 18 was rapidly updated to 18.0.1 and 18.0.2 after its release), but being able to ditch Acrobat Reader (or leave it installed but only use it when absolutely necessary) definitely is appealing. Update it this weekend, maybe.

CISPA is trying to solve a legitimate problem

I read yet another anti-CISPA piece today. I’m not comfortable trying to read it and decide whether it’s a good or bad piece of legislation, but I do understand the problem it’s trying to solve.

Those who have tried to paint CISPA as the new SOPA or PIPA are misunderstanding the problem CISPA is trying to solve. CISPA isn’t supposed to be about stopping the scourge of teenaged boys using the Internet to copy music and movies. It’s actually chasing something nefarious.

Let me give you an example.

Ars Technica looks at asymmetric encryption

Ars Technica posted an overview of asymmetric encryption recently.

CPE opportunity: Exploding the Phone

This week Cnet interviewed Phil Lapsley, the author of Exploding the Phone, a book about the early history of phone phreaking.

Phone phreaking is absolutely fair game for the CISSP exam. I couldn’t tell you anymore how many phone phreaking questions I had to answer, but let me just say I’m glad I’d read those pages in the CBK about phone phreaking.

The problem with dictionary passwords

Consulting firm Deloitte is warning that 8-character passwords will be obsolete this year. Sound familiar? Of course, the Slashdot crowd dismissed it as security “experts” (their words) creating hype to make money.

Well, I’m a certified security professional who doesn’t have a dog in this fight, except that I don’t want your accounts getting stolen. So here’s the problem with many of the solutions the Slashdot crowd posed.

Update Flash now

Adobe updated Flash today, to fix a couple of 0-day vulnerabilities. Here’s how to force a manual update on Windows and Mac OS X. I put on my sysadmin hat and looked over the update scripts on the page; they’re a little complex but don’t do anything nefarious.

Grab the appropriate update script for the type of computer you’re running, close your browser, run it, and stay safe. And remember, you’re doing me and the rest of the world a favor; if your computer is up to date, then it isn’t attacking my network, and if mine’s up to date and secure, mine isn’t attacking yours.

Advice on dealing with ransomware

PC Mag has some advice about ransomware. The most important bit of advice is to have a secondary machine that you can use to go get help.

Beware of unexpected links in e-mail messages

Hackers are stealing Yahoo accounts by sending messages containing malicious web page links.

The message looks like a link to a web page on MSNBC. But if an unsuspecting user clicks on it, it redirects to another page that steals the e-mail account, allowing the hacker to use the account to send spam, or grab the account’s contact list.

The gory details are here.