Chrome and EMET

A week or two ago, Chrome quit working–I would launch it, and EMET would give me a message that it detected Caller Mitigation. It turns out that particular setting isn’t compatible with Chrome 35 and up.

The fix is easy. Launch EMET, click “Apps,” scroll down to Chrome, and uncheck the 10th item from the left.

Google doesn’t recommend EMET because Chrome already does most of the things that EMET forces, and the EMET mitigations that Chrome lacks can be bypassed. To me, that doesn’t make them worthless. It filters out the unsophisticated attackers. And if you make the advanced adversary make the attack more complex, there’s a greater chance of being caught. Security isn’t about preventing everything–you can’t–but you can raise the stakes.

That’s why I disabled Caller Mitigation and keep EMET enabled on Chrome.exe.

I also saw this week that Google is working on a 64-bit version of Chrome for Windows. Finally! Once it comes out of beta, that’s something I’ll be installing. That may be what makes me change allegiances from Firefox.

Things I said at the Royals-Cardinals game last night

So last night I went to the Royals-Cardinals game in St. Louis with one of my best friends. Being a Cardinals fan, he doesn’t follow the Royals much, so I filled him in a bit.

I told him I like when the Royals play National League teams and don’t have the DH rule, because their pitchers are some of their best hitters. To prove my point, James Shields, the Royals’ starting pitcher, went two for two with a single, a double, a run scored and a run batted in.

SSDs for the masses, 2014 edition

If you’re looking for alternatives to nasty platters of spinning rust for storing your data, I have good news for you: SSDs are getting cheaper, and fast. They aren’t as cheap as rust, but there’s probably a good reason for that if you think about it for a minute.

PNY has been tempting me all year with the PNY XLR8, a 240 GB drive that typically sells for $80-$90 after a rebate. It uses an inexpensive controller to deliver middling performance, but compared to the speed that spinning rust can deliver, it’s still going to be pretty good. Then Micron came along with its Crucial MX100, which delivers 240 GB for $110, or 480 GB for $225, along with enthusiast-grade performance.

Truecrypt and collateral damage

Last week, the free full-disk encryption program Truecrypt was abruptly discontinued for reasons that made no sense, with equally nonsensical recommendations about which substitute products to use.

There’s speculation that the creators of Truecrypt received a National Security Letter, but can’t say anything about it. Right now we have to take it as a rumor–it’s bad if governments are cracking down on encryption, but we’ll save that discussion for another day, when we know whether they actually are. Let’s talk instead about why you need encryption if you own a computer, just like you need locks on your front door.


Windows XP rises from the dead… accidentally

I’ve been hearing predictions for a year that after Windows XP went out of support, it would only be a matter of time before people started backporting patches to it.

As it turns out, they don’t have to. Windows XP has a close relative, Windows Embedded, that doesn’t go out of support until 2019. The people who are fretting over XP-based ATMs and cash registers don’t realize many of those devices–those built in 2009 or later–are running Windows Embedded. It looks just like XP, works just like XP, and installs a lot like XP, but it’s still supported. The bigger question is whether the people running it are patching it, but that problem has existed ever since Microsoft released Windows Update.

Well, with a simple registry hack, it’s possible to make Windows XP look like Windows Embedded and keep getting updates. Microsoft quickly issued a statement, and some people are predicting Microsoft will quickly close that loophole.

I’m not so sure about that.

Firefox memory high? It might be Adblock Plus

Last week, a great deal of discussion about ad blocking and its effect on memory usage took place. This makes a lot of sense, and explains why my memory usage has always been really high.

I’m not sure there’s a lot you can do about it. One of these days I’m going to get around to standing up a pfsense box, which, among other things, can serve as a web cache and block ads for an entire network. My family has enough machines to justify that, and, given that security is what I do for a living, it’s something I need to be experimenting with anyway.

Takeaways from Patrick Gray’s AusCERT coverage

I’ve been listening to Patrick Gray’s coverage of the AusCERT security conference, and I walked away with two major takeaways, one for security professionals and one for everyone.

Everyone first: Use SSL (https) everywhere you possibly can. Generate superfluous https traffic if you can.

Network professionals: Block as much UDP at the firewall as you can.

Read on for more.