David L. Farquhar on technology old and new, computer security, and more
I recently needed a new power supply for an Apple IIc to replace a missing one. It’s easy to adapt a modern laptop power brick to work with an Apple IIc. All you need is a pinout. Here’s an Apple IIc power supply pinout.
It’s probably not news to you that the hot trend in computing in 2021 is moving from on-premise computing to cloud computing. And that’s been a hot trend for several years. But what comes after cloud? What will replace cloud? It’s possible to predict what it will look like–just not the specifics.
My friend was building a new system. And like many new builds when you haven’t done one in a while, not everything went as smoothly as it could have. Here’s how he solved a phantom CPU fan error.
I frequently get data in CSV or Excel format, which I then have to use to deploy a vulnerability management solution like Tenable or Qualys. I use Pandas to process this data, which usually involves iterating each row of the dataframe in Pandas. It abuses Pandas. But it works. Yes, it’s a hack. I don’t care.
Sometimes we end up with deep scratches and gouges in wood that we need to repair. The solution is wood putty, but what if the wood putty doesn’t match? Here’s how to make color match wood putty, and/or make wood putty match stain.
One of my most frequent topics of discussion in my time as a vulnerability management architect was the question of a Qualys vulnerability vs discovery scan. It’s especially confusing because Qualys is completely silent on the topic. There’s a reason for that. Let’s talk about the types of Qualys scans and what they can do for you.
Officially, Qualys discovery scans don’t exist. That said, you can implement something very close to what Qualys’ competitors call a discovery scan, and reap numerous benefits from it.
A former colleague contacted me some time ago with an interesting conundrum. I thought his problem in the solution would be worth sharing, because it’s not at all uncommon. He manages a network of, let’s say, 22,000 computers. But he has licenses to scan 8,800 of them. The question is, what can he do?
What happened to Southwestern Bell? The once prominent name disappeared, but the company itself still exists.
Southwestern Bell didn’t go out of business, it’s just changed its name twice since 1995. In its current incarnation, it’s worth $229 billion.
Reading and analyzing a Nessus vulnerability scanner report is an underrated skill. Frankly, I see a lot of misuse and abuse surrounding Nessus scans. So let’s talk about how to read and analyze a Nessus scan for the purpose of understanding and solving problems.
You can read it in the user interface but I recommend exporting a CSV so you can sort and filter. The exact CSV format has changed a bit over the years so they may not be in this exact order. But this will get you started. The most important columns are all here. You’ll find it very similar to reading a Qualys scan report.
For reference, I used the sample file here: https://github.com/derekmorr/nessus-csv/blob/master/nessus_test.csv
The Lockheed Martin Cyber Kill Chain is a popular model in information security. The model illustrates the typical cyber attack. Like the CIA triad, the Cyber Kill Chain is a fundamental concept that helps people understand what motivates security professionals. Understanding it and being able to explain it makes us more effective at our jobs.
Here’s an explanation of the Cyber Kill Chain, along with a couple of examples, one real, and one imagined.