Windows 7 spies on you like Windows 10 now

This is a few days old now but needs to be addressed–a lot of people were planning on staying on Windows 7 because they don’t like Windows 10’s new privacy settings, but unless you uninstall some stealthy updates, Windows 7 spies on you too.

Microsoft used to call this “scroogling,” and launched a massive PR campaign against Google, but now they’re doing exactly the things they blasted Google for doing, only they’re collecting money to do it.

So basically Microsoft is trying to have it both ways now–charge for the OS, but treat the consumer as a product. Windows 7, of course, was a paid upgrade, and Windows 10 is only free under special circumstances–businesses and OEMs still pay for it.

To make Windows 7 and 8 stop scroogling you, uninstall KB3068708, KB3075249, and KB3080149, all of which have the word “telemetry” in their description.
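As an added example (my own script, not part of the original post), here is one way to do that from an elevated PowerShell prompt: remove the three updates named above, confirm they are gone, and hide them in Windows Update so they are not offered again. It assumes a Windows 7 SP1 or 8.x machine where wusa.exe, Get-HotFix and the Microsoft.Update.Session COM object are available; the KB list is the one from this post.

```powershell
# Added example, not from the original post. Run as Administrator.
# Assumes Windows 7 SP1 / 8.x with wusa.exe, Get-HotFix and the
# Microsoft.Update.Session COM object available.
$telemetryKbs = @('KB3068708', 'KB3075249', 'KB3080149')

foreach ($kb in $telemetryKbs) {
    # Get-HotFix reports installed updates with HotFixID in the form "KBnnnnnnn"
    $installed = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    if (-not $installed) {
        Write-Host "$kb is not installed, skipping."
        continue
    }
    Write-Host "Uninstalling $kb ..."
    # wusa wants the bare number; /norestart lets us reboot once at the end
    $number = $kb -replace '^KB', ''
    Start-Process -FilePath 'wusa.exe' `
        -ArgumentList "/uninstall /kb:$number /quiet /norestart" -Wait
}

# Verify: anything still listed here survived the uninstall
# (or needs the reboot to finish removing)
$remaining = Get-HotFix | Where-Object { $telemetryKbs -contains $_.HotFixID }
if ($remaining) {
    Write-Warning "Still present: $($remaining.HotFixID -join ', ') - reboot and re-check."
} else {
    Write-Host 'All three telemetry updates are gone; reboot to finish.'
}

# Hide the updates from Windows Update so they are not reinstalled automatically.
# KBArticleIDs holds the bare numbers (no "KB" prefix).
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$offered  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
foreach ($update in $offered) {
    foreach ($id in $update.KBArticleIDs) {
        if ($telemetryKbs -contains "KB$id") {
            $update.IsHidden = $true
            Write-Host "Hid KB$id from Windows Update."
        }
    }
}
```

The hide step matters as much as the uninstall: with automatic updates on, a removed update is simply offered again at the next check, so look for the three KBs under “Restore hidden updates” if you ever want to reverse this.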

The workstation events you want to be logging in Splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SIEM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.


The freedom to fix our stuff

This week the Wall Street Journal ran an editorial about the right to fix our gadgets. It was surprisingly pro-consumer. The author wrote about a friend whose Samsung TV broke due to $12 worth of capacitors and how he fixed the TV, with no experience, in a couple of hours. I can relate, though I took the easy way out.

He lamented the throwaway of gadgets being unethical on several levels, and I agree. I also remember a time when it wasn’t this way.


CD won’t rip? Try a different drive.

A few weeks ago I uncovered a stash of CDs from my college and early bachelor days that, for one reason or another, I’d never ripped to MP3 format.

When I started ripping the discs, I got one clue as to why I never ripped some of them: Some of them made the DVD drive in my Dell laptop sound like a Commodore 1541. If you ever owned a Commodore, you know exactly what I’m talking about. If you haven’t ever owned a Commodore, let’s just say my drive groaned in protest very loudly, and in exchange for putting up with the noise and insanely long rip times, I received a bunch of errors and a few MP3s that played really poorly.


Your company’s juiciest Linkedin targets

People who’ve moved onward and upward within the company, bridging multiple departments, are great attack targets because they probably have more permissions than someone who’s stayed in a single role.

In non-security speak, let’s talk about someone who moves from Accounting to HR. The right way to handle it is to grant access to all of the HR data and systems, and cut off all of the person’s access to accounting data and systems.

In practice, that rarely happens. In previous roles, I’ve often ended up with access to more than one group of systems after being moved around, so I’ve not only seen it, I’ve experienced it firsthand.

The bad guys know this. So they’re going to scour Linkedin for people who have multiple entries on their profiles for the same company, knowing they probably still have both feet in both worlds. People like that are going to get more phishing e-mails than average, because they have access to twice as much stuff. That means if an attacker manages to get onto their system, the attacker has access to twice as much stuff too.

This gets overlooked a lot, but HR and security need to have a very good working relationship to keep these kinds of situations from happening. Employees who stay with an organization and move onward and upward within it are very rare these days, and those employees deserve every bit of the extra protection they need.

Career advisers say to make sure you show all of your upward movement within the same company on your resume and on your Linkedin profile. I know not everyone does this, but jobs are difficult enough to get that we have to assume people are looking for that edge. As security professionals, our job is to understand this reality and make sure it doesn’t mean extra exposure.
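The access review that catches this is simple to automate, and it gives HR and security something concrete to run together. The script below is an added example, not anything from the original post: given a mapping of departments to their groups, it flags every account that holds membership in groups belonging to more than one department. The department-to-group mapping and the membership data are constructed sample data; on a real domain you would build the membership table from Get-ADGroupMember output instead, as the commented line shows.

```powershell
# Added example, not from the original post. Flags accounts whose group
# memberships span more than one department, i.e. people who changed roles
# and were never cut off from the old department's systems.

# Constructed sample mapping: which groups belong to which department.
# In production this comes from your own group-naming standard or CMDB.
$departmentGroups = @{
    'Accounting' = @('ACCT-Users', 'ACCT-GL-ReadWrite')
    'HR'         = @('HR-Users', 'HR-Payroll-Admins')
    'IT'         = @('IT-Helpdesk')
}

# Constructed sample membership table (group -> members).
# On a real domain, replace with something like:
#   $membership[$g] = (Get-ADGroupMember -Identity $g -Recursive).SamAccountName
$membership = @{
    'ACCT-Users'        = @('jdoe', 'asmith')
    'ACCT-GL-ReadWrite' = @('asmith')
    'HR-Users'          = @('asmith', 'bjones')
    'HR-Payroll-Admins' = @('bjones')
    'IT-Helpdesk'       = @('cwu')
}

function Find-CrossDepartmentAccess {
    param(
        [hashtable]$DepartmentGroups,
        [hashtable]$Membership
    )
    # Build user -> set of departments they have group access in
    $userDepts = @{}
    foreach ($dept in $DepartmentGroups.Keys) {
        foreach ($group in $DepartmentGroups[$dept]) {
            foreach ($user in ($Membership[$group] | Where-Object { $_ })) {
                if (-not $userDepts.ContainsKey($user)) { $userDepts[$user] = @{} }
                $userDepts[$user][$dept] = $true
            }
        }
    }
    # Report only accounts with a foot in more than one department
    foreach ($user in $userDepts.Keys) {
        $depts = @($userDepts[$user].Keys | Sort-Object)
        if ($depts.Count -gt 1) {
            [pscustomobject]@{
                User        = $user
                Departments = ($depts -join ', ')
                Groups      = (($Membership.Keys | Where-Object {
                                    $Membership[$_] -contains $user
                                }) | Sort-Object) -join ', '
            }
        }
    }
}

# With the sample data above this reports asmith (Accounting + HR) and nobody else.
Find-CrossDepartmentAccess -DepartmentGroups $departmentGroups -Membership $membership |
    Format-Table -AutoSize
```

Run it on a schedule and hand the output to the department owners: every row is either a transfer whose old access was never revoked, or a deliberate exception that should be documented. Either way it is the same list an attacker would be building from Linkedin profiles, so it pays to have it first.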

How to disarm a scammer

Buried unfortunately deep in August’s Social Engineer podcast was some outstanding advice from British TV star R. Paul Wilson, who turned scamming into prime-time BBC TV for several seasons.

Wilson, who literally has sold someone a bridge that he of course didn’t own, has lots of experience on both sides of scamming, so his experience is invaluable. I was just disappointed that we had to listen to 45 minutes of Christopher Hadnagy and David Kennedy arguing before we could hear it, so I’ll cut through the garbage.


The most valuable IT skill you can learn in 2015: Splunk

Whether you want to move to security or just get a lot of job security and raise potential while staying in infrastructure, probably the best thing you can do for your career is to learn Splunk.

What’s Splunk, you ask? Well, my t-shirt says “Weapon of a security warrior,” but it really does a lot more than that.

I think of it as a centralized logging and alerting system, but really, because it can log and alert and draw graphs, it can replace almost any piece of management infrastructure. I asked, only ten percent joking, why a Splunk shop needs to run anything else to manage itself.

Stand up Splunk, let it collect your logs and your performance data, and when something goes wrong, you have one place to look for the data you need to figure out what happened.

Fortunately, unlike many enterprise tools, you can run Splunk at home for free. Splunk offers a well-written 200-page book for free in all of the common e-book formats that provides a good introduction and a set of data to play with, and you can download the software itself from Splunk’s front page. You can then pull your logs from all of your desktops, and if you run DD-WRT, you can pull those logs as well, then practice learning what you can from that data beyond what’s in the book.

You will undoubtedly find some things when you start poking around, so even if you’re not able to get going with Splunk in your current role, you’ll end up with the war stories you need to get a Splunk-related role for your next job. Even if all you do is catch HD Moore and Robert Graham scanning you, your interviewer will be interested in hearing how you saw it and managed to figure out it was them.