Patch management strategy

Vulnerability management and patch management are close relatives. In most companies, they behave like siblings who hate each other. That’s usually how it plays out. It doesn’t always have to be that way, but it takes some thought and strategy from both sides. Here are some ideas for patch management strategy.

Read more

High side vs low side

The other day I heard a reference to the “high side vs low side” of a computer system in a podcast, and the speaker didn’t stop to clarify. Worse yet is when you hear “on the low side” or “on the high side.” I came from the private sector into government contracting myself. I wasn’t born knowing this jargon either, so I’ll explain it.

Read more

Microsoft looks back at MS08-067

The most infamous Microsoft patch of all time, in security circles at least, is MS08-067. As the name suggests, it was the 67th security update that Microsoft released in 2008. Less obviously, it fixed a huge problem in a file called netapi32.dll. Of course, 2008 was a long time ago in computing circles, but not far enough. I still hear stories about production servers that are missing MS08-067.

Last week, Microsoft took a look back at MS08-067, sharing some of its own war stories, including how they uncovered the vulnerability, developed a fix, and deployed it quickly. It’s unclear who besides Microsoft knew about the problem at the time, but one must assume others were aware of it and using it. They certainly were after the fall of 2008.

Read more

The State Department is just one of many examples of IT gone rogue

Much has been made of Hillary Clinton’s use of her own mail server, running out of her home. It didn’t change my opinion of her, and I don’t think it changed anyone else’s either–it just reinforces what everyone has thought of her since the early 1990s. Then, Ars Technica came forward with the bizarre case of Scott Gration, an ambassador who ran his own shadow IT shop out of a bathroom stall in Nairobi.

The money quote from Ars: “In other words, Gration was the end user from hell for an understaffed IT team.” And it concluded with, “[A]s with Clinton, Gration was the boss—and the boss got what the boss wanted.”

Indeed. And it doesn’t just happen in the government.

Read more

The wrong way to reboot a server

In my day, I did plenty of hardware maintenance in the field. In fact, the only time one of my bosses ever saw me working, I was swapping out failed memory in a server.

“How’d you know it needed to be done?” he asked.

“It told me.” That’s why I always loved HP ProLiant servers. My boss looked confused at my answer but didn’t ask me to elaborate.

But not all of my field maintenance always went quite so smoothly.

Read more

How to succeed as an IT contractor

I met a young IT contractor a little while back. His talent was sky high. So was his potential. And his rawness. It’s not my place to go into great detail about that rawness, but one thing I noticed about him was that he had a very self-defeating attitude. It shouldn’t have been hard for him to succeed as an IT contractor, but he was his own worst enemy.

Several times he started a statement with, “If I don’t get fired,” or something to that effect.

It occurs to me that perhaps my experience as a contractor would be helpful.

Read more

The phantom tech worker shortage

I saw a story yet again about the tech worker shortage, and the backlash against H1-B visas. Reading the comments on Slashdot, I increasingly got the feeling the shortage is a mirage. The people are out there, but the matchups with job openings aren’t happening.

My experience may be anecdotal, but it mirrors this.

Read more
