Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SIEM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.
I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.
I wanted to be able to stream from Windows Media Player to Android. I have lots of media stored on my Windows computers, but what if I’m in a room that doesn’t have a computer, or outside?
Good GenXer that I am, I spent decades collecting CDs. Some of my stuff is as common and ordinary as it gets. But some of it isn’t on any of the streaming services and probably never will be because there were exactly two other people alive who liked it.
I ripped most of them with Windows Media Player and stored them on my PC with the biggest drive. But that’s not necessarily where I want to listen to music from. Media Player can stream between multiple PCs, but it can also stream to an Android phone or tablet, which, in many cases, is even more convenient.
Continuing in the theme I’ve been following for the last couple of days, here’s a guide to security and privacy with web browsers. Like the guide I linked to yesterday, I’m not sure I agree with it 100%–I think saying never use Internet Explorer is too absolute–but I do agree with the overwhelming majority of it, and if everyone did all of this instead of what they’re doing now, we’d be in a much better state.
And, on a somewhat related note, here’s a rundown of what Windows 10 changes in the way of privacy, and some recommendations, but here’s a hint: You’re going to want to type privacy into your Windows search bar, pull up everything related, and start shutting stuff off. Use your discretion, but chances are there will be several things. If nothing else, there are things that are appropriate for a Windows tablet that aren’t appropriate for a desktop PC.
Let’s get back to privacy and safety in general, whatever OS you’re running. Here are some highlights.
I have some easy uBlock settings to improve how it protects you against malware. You don’t think of ad blockers as a security tool? I do. It’s a good idea to use one even if you configure it to allow most ads through.
My favorite ad-blocking extension for Chrome is uBlock, because it’s faster and more resource friendly than the better-known Adblock Plus. It also comes configured by default to block known malicious sites, where Adblock Plus makes you dig for that feature.
But it’s still possible to tweak uBlock to give you even better protection against malware, and that’s a good thing. It’s one thing to detect malware and block it after you download it. But it’s even better to detect and block it before you download it in the first place. That keeps you safe if your antivirus software is slow to update for any reason.
Microsoft rushed out an out-of-band patch, MS15-078, to deal with active exploits in their font driver yesterday. Since pushing out patches takes time, my boss asked me what we could do to mitigate the issue in the meantime.
The biggest threat, by far, is exploit-bearing fonts being downloaded from web sites. Ideally you only install trusted fonts from trusted sources locally on your workstations, right? If not, I suggest you start that practice as well.
You have a couple of options when it comes to blocking fonts in browsers.
Adobe has patched Flash twice in two weeks now. The reason is that Hacking Team, an Italian company that sells hacking tools to government agencies, got hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.
If you want to make your online banking more secure, I have a tip for you.
Due to the increasing amount of malware targeting bank accounts, it’s not a bad idea to dedicate a computer to online banking and only online banking. Of course, who wants to dedicate an expensive computer to that task?
You don’t have to. You can buy a $120 refurbished Chromebook to use. If you don’t want to spend any money but have a seldom-used computer still hanging around that isn’t good for much, load Linux Mint on it and use it exclusively for banking. My experience with Mint on an old netbook has been rather good. Linux Mint is, if anything, easier to get up and running than Windows.
Monthly patches and upgrades don’t always go well, but getting them down is increasingly critical, especially for applications like Flash, Reader, and the major web browsers. This week I called it “the new firewall.”
Twenty years ago, home users almost never bothered with firewalls. My first employer didn’t bother with them either. That changed in the late 1990s, when worms exploiting weaknesses in Microsoft software devastated the nascent Internet. Firewalls soon became commonplace, along with some unfortunate hyperbole that led some people to believe firewalls make you invisible and invincible, a myth that persists in some circles even today.
For this reason I’m a bit hesitant to declare anything a new firewall, but firewalls are necessary. So is protecting key software.
A commenter asked me last week if I really believe the lock in a web browser means something.
I’ve configured and tested and reviewed hundreds of web servers over the years, so I certainly hope it does. I spend a lot more time looking at these connections from the server side, but it means I understand what I’m seeing when I look at it from the web browser too.
So here’s how to use it to verify your web connections are secure, if you want to go beyond the lock-good, broken-lock-bad mantra.