The workstation events you want to be logging in Splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SIEM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.

How to keep Excel from dropping zeroes after the decimal point

At work part of my job is reporting security metrics along with my colleague, and sometimes we report things like the number of machines running a specific operating system. The problem we run into is that when it comes to operating system versions, OS X versions 10.1 and 10.10 are really not the same. We run into similar issues with versioning for other operating systems too, such as AIX.

Excel does this because a cell in numeric format stores 10.10 as the number 10.1 and drops the trailing zero when it displays or charts the value. To keep Excel from dropping those significant zeroes on your charts, highlight the column containing your version data and switch it from a numeric format to text format. Then switch to the tab that contains your chart, refresh the data, and your charts will show the zeroes properly.
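The same collapse shown outside Excel, as an added example in Python that is not part of the original post: the inventory column is a constructed sample, and the helper functions are illustrative. Parsing each version into a tuple of integers is the explicit equivalent of keeping the column as text, and it also sorts 10.10 after 10.9, which neither numeric nor plain string order does.

```python
from __future__ import annotations

# Constructed sample of an OS-version column as exported from an inventory
# tool; not data from a real environment.
SAMPLE_VERSIONS = ["10.10", "10.1", "10.9", "10.10.5", "7.1", "7.10"]


def as_number(version: str) -> float:
    """What a numeric Excel cell does to a version: '10.10' becomes 10.1."""
    return float(version)


def parse_version(version: str) -> tuple[int, ...]:
    """Parse a dotted version into a tuple of ints so 10.10 stays distinct
    from 10.1 and sorts after 10.9. This is what the text-format column
    preserves, done explicitly."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def numeric_collisions(versions: list[str]) -> dict[float, list[str]]:
    """Distinct version strings that collapse into one value once the column
    is numeric. Three-part versions are skipped: Excel cannot treat 10.10.5
    as a number at all, so those cells stay text anyway."""
    groups: dict[float, set[str]] = {}
    for v in set(versions):
        if v.count(".") > 1:
            continue
        groups.setdefault(as_number(v), set()).add(v)
    return {n: sorted(s) for n, s in groups.items() if len(s) > 1}


def count_by_version(versions: list[str]) -> dict[str, int]:
    """Per-version machine counts keyed by the original string, ordered by
    the parsed tuple rather than by float value or plain string order."""
    counts: dict[tuple[int, ...], int] = {}
    for v in versions:
        key = parse_version(v)
        counts[key] = counts.get(key, 0) + 1
    return {".".join(map(str, k)): n for k, n in sorted(counts.items())}
```

Run `numeric_collisions(SAMPLE_VERSIONS)` before building a chart: any group it returns is a pair of versions your numeric column would have merged into one bar.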

The missing Lenovo Thinkpad scroll lock key

One of my coworkers accidentally enabled scroll lock on a Lenovo Thinkpad L440 the other day, which is bad news when you do it accidentally and can’t find the missing Thinkpad scroll lock key.

Google’s migrating corporate apps to the cloud is less crazy than it sounds

Google is moving its corporate applications to the Internet. A year ago I would have said that’s the dumbest thing I ever heard. Today I’m not so sure.

Sticking stuff in the cloud is the popular answer to everything these days, and I just see the cloud as the new mainframe. It’s not a solution so much as a different take on the same problem, and while I see a couple of potential disadvantages, believe it or not I see some real advantages to the approach as well.

Don’t e-mail a list of all your passwords and bank account numbers to yourself from work

So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to block it from going out of the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.

Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.

How to become an Info Assurance Analyst

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.

The field desperately needs more of us, so I’m happy to share with you how to become someone like me.

What is Winshock?

So the other day I got blindsided with a question at work: What are we doing about Winshock. Winshock, I asked? I had to go look it up, and I found that’s what they dubbed what I’ve been calling MS14-066, the vulnerability in Schannel, which is Microsoft’s implementation of SSL/TLS for Windows.

Based on that, I’d argue it has more in common with Heartbleed than Shellshock, but I guess “Winshock” is catchier than “Winbleed.”

Then the lead of another team asked me to brief his team on Winshock. I actually managed to anticipate all but three of the questions they asked, too, which was better than I expected. Some of what I shared with them is probably worth sharing further.

Computer, how old are you?

Yesterday I wrote about finding old computers. Here’s how I determine how old a computer is.

There’s a registry value called HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate that stores the time the operating system was installed as a Unix timestamp (the number of seconds since 1 January 1970, UTC) in a 32-bit DWORD, which regedit displays in hexadecimal. With a few mad skilz you can make that data human-readable.
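The conversion itself, as an added example in Python that is not part of the original post: the regedit value below is a constructed sample, not a reading from a real machine. The one thing worth getting right is the time zone: the DWORD counts seconds since the Unix epoch in UTC, so converting it in local time can move the date by a day. Keep in mind that the value is rewritten by an in-place upgrade of Windows and, on imaged machines, reflects when the image was installed, so it dates the operating system install rather than the hardware.

```python
from __future__ import annotations

from datetime import datetime, timezone

# InstallDate as regedit displays it; constructed sample, not from a real
# machine. Regedit shows "0x54d4a2c0 (1423221440)"; either form is accepted.
SAMPLE_REGEDIT_VALUE = "0x54d4a2c0 (1423221440)"


def install_date_from_regedit(shown: str) -> datetime:
    """Turn the hexadecimal DWORD regedit shows into an aware UTC datetime.
    The value is seconds since 1970-01-01 UTC, so it is interpreted in UTC
    rather than the local zone, which would shift the date by up to a day."""
    hex_part = shown.strip().split()[0]
    seconds = int(hex_part, 16)
    if not 0 <= seconds <= 0xFFFFFFFF:
        raise ValueError("InstallDate is a 32-bit unsigned DWORD")
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def install_age_days(shown: str, now: datetime) -> int:
    """Whole days between the install date and `now` (an aware datetime)."""
    return (now - install_date_from_regedit(shown)).days


def read_live_install_date() -> datetime | None:
    """On Windows, read the value directly instead of copying it out of regedit.
    Returns None elsewhere, where the winreg module does not exist."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, value_type = winreg.QueryValueEx(key, "InstallDate")
    if value_type != winreg.REG_DWORD:
        raise TypeError(f"unexpected registry type {value_type} for InstallDate")
    return datetime.fromtimestamp(value, tz=timezone.utc)


if __name__ == "__main__":
    live = read_live_install_date()
    print("installed:", live or install_date_from_regedit(SAMPLE_REGEDIT_VALUE))
```

`read_live_install_date()` needs no elevation: the CurrentVersion key is readable by standard users, so the script works on a locked-down workstation.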

SSDs in business: The time is right

My employer is experimenting with a few desktop PCs with SSDs. And they are amazing. These machines have an Intel Core i5 CPU, 8 GB of RAM, and a 120 GB SSD. They log on and off in seconds. Word and Excel 2010, which are absolute slugs on HDDs, load in one second. The time is right for SSDs in business.

This is what modern computing is supposed to be.

So I’m not the only one ditching Microsoft Office

Rick Broida wrote a fairly harsh piece on Cnet about why he’s ditching Microsoft Office. Our reasons differ, and while I agree with all of his reasons he may not agree with all of mine. That’s OK.

I stuck with Office 2003 because its user interface is familiar and makes sense. By using the program, you learn the keyboard shortcuts from the menu and can graduate from casual user to power user relatively quickly. That went away in Office 2007, so I never moved on. Office 2003 was the best version Microsoft ever made, but it loses security updates next month, so it’s the end of the road.

Fortunately, LibreOffice has a traditional user interface and most of the same keyboard shortcuts. If you don’t use mail merge, it’s a capable replacement, and it’s free and actively maintained. It’s not as fast as Office 2003 was, but neither is anything Microsoft has made since.

Now, in corporate environments, with a recent version of Office and SharePoint you can do some really nifty things, like automatically building PowerPoint presentations from Excel spreadsheets created by different people. You could probably approximate the same thing with other software, but what I saw a SharePoint-literate colleague build this week with MS Office was very impressive.

But I don’t need that at home, and I don’t want to pay $100 per year for the rest of my life to use a program that I tolerate at best, so I’ll save my money and move to LibreOffice.