Scratch one fake antivirus vendor

The FTC appears to have sued the makers of XP Antivirus, among others, out of business–to the tune of $163 million.

There will be no tears from me.


CISSP vs. CASP vs. CEH

One of my coworkers invited me to watch a webinar with him today that promised to compare CompTIA’s new high-end certification with the CISSP.

I was skeptical at first, especially when I heard it was an 80-question, 150-minute test. But by the end, I mostly liked what I heard.


Oracle finally does the right thing

So if you didn’t drop everything and uninstall Java last week, I need another favor. Oracle released a patch for Java, so go patch it.

Sometimes community outcry and pressure works. It looks like this time it did. I just wish Oracle had made a bigger deal about it. Yes, you’re eating crow, but people need to know that this is something they need to do. One of the most frequent questions I get is whether it’s really necessary to patch Java. The answer is yes, it’s just as important as the monthly Microsoft patches. But nobody seems to know or care. They’re afraid they might break something, so they don’t do it.

Why your write blocker doesn’t work with the IDE cable backwards

I’m reviewing and revising policies and practices at work, including data forensics, the unfortunate necessity caused by employees misusing their company-issued machines.

Early in my career, I had to make the phone call to HR on occasion when I discovered something on an employer-owned PC that shouldn’t be there. I even did forensics once, guided by a lawyer. I had a sector editor and knew how to use it; the lawyer knew what she was looking for. That wasn’t the right way to do it, but this place wasn’t willing to go to the expense required to do it right.

But now I work someplace that is.

Stop whatever you’re doing and uninstall Java. I’ll wait for you.

For years, standard practice has been to install Java, just in case you need it.

That’s no longer a safe practice. For your own safety, unless you absolutely, positively need Java, you should uninstall it. If you’re not sure if you need Java, uninstall it, then consider reinstalling if something breaks.

Ways to keep your password from being guessed–today

Articles like Ars Technica’s Why passwords have never been weaker — and crackers have never been stronger are getting more and more common these days.

In a positive development, I don’t think the story had been live more than an hour or two before people started asking me questions. That’s good, because that tells me that people care.

Thanks for the misinformation, Disney

In one of its throwaway kids’ sitcoms, Disney insinuates that open source software contains spyware and that using it is a ‘rookie mistake’.

Open source software rarely contains viruses or spyware. Since it’s open for examination, changes to the code that have any funny business in them tend to be rejected. For that matter, code with unintended bad consequences tends to either be rejected, or quickly changed.

Two more questions about wireless security

I got two good questions last week, via Facebook, that I answered briefly in the comments, but are worth further exploration: Does it beef up wireless security to hide the SSID and only allow the MAC addresses of hardware you own?

Those are good questions. Smart questions. I like those kinds of questions.

Unfortunately, neither measure gets you a whole lot. Against a sophisticated attacker, that buys you minutes, compared to the security of a strong password, which buys you years. It’s like having a locked screen door in front of the vault door at Fort Knox. (Assuming you’re using a strong password–if you’re using a weak password and these measures, it’s like having multiple locked screen doors.)

Then again, not everyone is a sophisticated attacker.

Security doesn’t have to be intimidating to be effective

I got into a conversation the other day about physical security, bashing the physical security of a particular facility. “You have to sign in when you enter. Well laddy da!”

Actually, there are times where that’s completely appropriate. But they actually missed something, too. The facility they were making fun of has a locked door and a log.

Windows 8 promises better security–to a point

At the summer hacker conferences, researchers have been talking up Windows 8 and its improved security. They talk a good game, but here’s the end run around it.
