The Silicon Underground

Home » Page 243

How to mitigate MS15-078 or future Microsoft font driver vulnerabilities

Dave Farquhar security July 21, 2015December 6, 2015chrome, firefox, journalism, Proxy server, SUBSYSTEM, vector, vulnerability, Whitelist

Microsoft rushed out an out-of-band patch, MS15-078, to deal with active exploits in their font driver yesterday. Since pushing out patches takes time, my boss asked me what we could do to mitigate the issue in the meantime.

The biggest threat, by far, is exploit-bearing fonts being downloaded from web sites. Ideally you only install trusted fonts from trusted sources locally on your workstations, right? If not, I suggest you start that practice as well.

You have a couple of options when it comes to blocking fonts in browsers.

Health insurance between jobs

Dave Farquhar Health July 20, 2015February 15, 2018COBRA, CVS, insurance company

I recently changed jobs, and although I’ve dealt with gaps in medical coverage before, I didn’t anticipate everything this time. Let’s talk about what to do for health insurance between jobs. And let’s talk coverage too–they aren’t always the same thing.

First things first: gaps are likely, and the laws are written under the assumption that small gaps will happen. The system still isn’t what I would call fair, not that it ever has been, but generally it’s possible to navigate the system and get the coverage you need. I’m not here to complain about the system; I’m here to tell you what I did, or could have done, to navigate it.

Yes, an ethical journalist protects his/her sources

Dave Farquhar Writing July 17, 2015July 15, 2015journalism, Missouri, university of missouri

An anonymous reader asked why journalists protect their sources.

It’s a fair question but an easy one to answer. Part of a journalist’s role in society is accountability. When something is wrong, the journalist is supposed to raise awareness.

Why this latest attempt to resurrect the Commodore brand will probably flop

Dave Farquhar Android, Retro Computing July 16, 2015August 3, 20171980s, 1990s, amiga, android, apple, commodore, dell, lenovo, motorola, Packard Bell

The Commodore brand is back again, this time on an Android smartphone. For a premium price, you get an Android 5.0 phone with the Commodore logo on it, preloaded with VICE and an Amiga emulator, which, between the two of them, emulate just about everything Commodore ever made, except, perhaps, the products that can be emulated with the Android calculator app.

But I don’t expect this attempt to be any more successful than earlier efforts to resurrect the brand.

Expect a rough road ahead for Flash

Dave Farquhar security July 15, 2015July 14, 2015android, apple, breach, chrome, IOS, ipad, iphone, oracle, os x, Patch Tuesday, yahoo

Adobe has patched Flash twice in two weeks now. The reason for this was due to Hacking Team, an Italian company that sells hacking tools to government agencies, getting hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.

That’s why Adobe is having a bad month.

What to look for in a performance SSD

Dave Farquhar Hardware July 14, 2015July 12, 2015PCI Express, pcie

The Register has a nice writeup on performance SSDs. The only problem is that performance is really a matter of diminishing returns, and The Reg didn’t report on random I/O.

Why you can’t get to Google and Facebook on AT&T U-Verse

Dave Farquhar Servers and Networking July 13, 2015July 12, 2015AT&T, AT&T U-verse

If you have AT&T U-Verse, from time to time you may have issues with Facebook or Google sites like Youtube not working, while the rest of the Internet works fine.

The solution is simple but non-obvious: Disable IPv6.

My sons and the chiropractor

Dave Farquhar Health, Parenting July 10, 2015June 20, 2015Chiropractor

I take my sons to the chiropractor once a month. Their fame precedes them, and for good reason.

How do you conduct yourself as a security professional?

Dave Farquhar security July 9, 2015October 5, 2018CISO

At a recent job interview, the CISO asked me a really good question that I wish more people would ask.

He asked me how I conduct myself as a security professional when dealing with the rest of IT.

Work-life integration vs. work-life balance

Dave Farquhar Health, security July 8, 2015November 27, 2016podcast

I wanted to bring up another subtopic from Dr. Ellen Langer’s interview on the Social Engineer podcast: work-life integration. It’s important to consider work-life integration vs. work-life balance.

Dr. Langer stated that work-life balance is inherently unhealthy, because the idea creates a notion that you have to be one person at home and a completely different person at work. She didn’t put it this bluntly, but essentially it means living a lie at least part of the time. She did say nobody should want to live life like that.