“Daniel” from “Microsoft” called me the other day. The number looked halfway legit so I picked up. He out and out claimed to be from Microsoft and said he was getting alerts from my computer. His voice sounded familiar–I think I’d talked to him before.
“Which computer?” I asked.
“Your Microsoft computer,” he said.
Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SIEM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.
I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.
Last week, I heard a webcast in which the presenter repeated some advice from 2004: Patch things like your financial systems first, and your workstations last.
Workstations need to be first.
Monthly patches and upgrades don’t always go well, but getting them down is increasingly critical, especially for applications like Flash, Reader, and the major web browsers. This week I called it “the new firewall.”
Twenty years ago, home users almost never bothered with firewalls. My first employer didn’t bother with them either. That changed in the late 1990s, when worms exploiting weaknesses in Microsoft software devastated the nascent Internet. Firewalls soon became commonplace, along with some unfortunate hyperbole that led some people to believe firewalls make you invisible and invincible, a myth that persists in some circles even today.
For this reason I’m a bit hesitant to declare anything a new firewall, but firewalls are necessary. So is protecting key software.
I was talking breaches last week when a very high-up joined the conversation in mid-stream.
“Start over, Dave.”
“OK. I’m talking about breaches.”
“I know what you’re talking about,” he said, knowingly and very clearly interested.
I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected.
I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not necessarily helpful.
I don’t buy a lot of hardware anymore, but we purchased a Fujitsu ScanSnap iX500 document scanner this month. It has a fantastic reputation, and it only took an hour to live up to it for me.
VueScan is a third-party scanning tool for most versions of Windows, OS X, and Linux. It supports hundreds of scanners, including those abandoned by manufacturers. It’s probably better than what came with your scanner. The pro edition probably costs as much as your scanner too, but comes with lifetime free updates, so you know you’ll be able to use your scanner for as long as it continues to operate, rather than rolling the dice on manufacturer-provided drivers working with your next upgrade. And you can run it on up to four computers at a time, which is nice.
Full disclosure: I bought this software myself. I was not provided a copy for review, nor am I receiving anything in exchange for writing this review. Now that’s out of the way, and you don’t have to guess about my motives.
As you probably know, last year some still-unknown criminals stole a whole bunch of credit and debit card data from Target. And the story keeps changing. First there weren’t any PINs. Then they got the PINs, but no personally identifiable data. Well, the latest news indicates they got credit card numbers, names, addresses, phone numbers, and e-mail addresses, for a whole lot more people, and probably over a longer length of time than just late November to mid-December.
There are a few things you ought to do if you shop at Target, which many people do.
I wish I’d posted this last week, since many of us see one set of relatives at Thanksgiving and a different set at Christmas (and perhaps New Year’s). Here are things you can do as preventative maintenance for relatives whose computers could use a little help.