Patch management strategy

Vulnerability management and patch management are close relatives. In most companies, think of them as siblings who hate each other. That’s usually how it plays out. It doesn’t always have to be that way, but it takes some thought and strategy from both sides. Here are some ideas for patch management strategy.

How easily can someone hack my home computer and steal personal information?

On Monday, March 13 at approximately 10:30 AM CST, I will be appearing on KFUO Radio’s Faith and Family program to discuss home computer security with host Andy Bates. Here’s the scariest question he’s planning to ask: How easily can someone hack my home computer and steal personal information?

Someone asked me that question at work once, except it was about a work computer. I whipped out a copy of a book about Metasploit, flipped to page 137, and started reading. My point was that I could teach this guy how. He didn’t take it well, so I don’t recommend doing that.

My point that I could teach this guy how to do it still stands, though. And I think I could teach Andy how too.

Use guest networks to secure IoT “smart” devices

A neighbor asked me about a recommendation Steve Gibson and Leo Laporte made a couple of weeks ago about securing your IoT household “smart” devices, like doorbells, thermostats, televisions, and anything else that wasn’t traditionally computerized, by putting it on a guest network.

The short answer is yes, it’s something you should do. It doesn’t make them perfectly safe, but it’s the best you can do, so you should. But I would do it a bit differently from Gibson: I think the ideal setup has two guest networks.

Recommended DD-WRT settings
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.

For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.

Pogue’s attitude is unfortunately far too common

According to David Pogue, since hacking a car is “nearly impossible,” we shouldn’t talk about it anymore.

That, my friends, is precisely what’s wrong with security and security awareness today. Flying to the moon is nearly impossible, after all, and you could easily kill yourself trying. David Pogue has never done it. But Neil Armstrong and Buzz Aldrin did.

Hacktivism is real, and getting more dangerous

Lost in the stories of last week was a story I really don’t want to talk about, but I have to: Planned Parenthood got hacked, and a database of its employees was stolen.

I don’t want to talk about it because the risk is this story becoming about abortion rather than about security. But it brings up a real problem: Now we know that political activists have the desire and the ability to hack into organizations they disagree with.

Looking for a career change? Consider web app pentesting

IT jobs aren’t as easy to come by as they were 20 years ago, but web app pentesting is one subset of the field that I don’t see slowing down any time soon. Unfortunately it’s a poorly understood one.

But if you spent any significant time in the 1980s or early 1990s abusing commercial software, especially Commodore and Apple and Atari and Radio Shack software, I’m looking at you. Even if you don’t know it, you’re uniquely qualified to be a web app pentester.

Why security pros still fly

Security researcher Chris Roberts posted some inflammatory things about Boeing airplanes earlier this year, going as far as claiming to have once used the in-flight entertainment system, with a special cable, to send commands to one of the engines and affect the plane’s flight.

When I first heard Roberts’ assertions, my initial reaction was to ask why any security professional would continue to board a plane. Then last week Patrick Gray had the brilliant idea to talk to an Airbus pilot. After listening to the interview, I felt better.

Nostalgia can make you younger

This month’s Social Engineer podcast featured psychology professor Dr. Ellen Langer, whose specialty is mindfulness. Dr. Langer brought up a lot of important things, including the idea of work-life integration rather than the more difficult work-life balance, but another thing she briefly touched on really resonated with me. She brought up a study, originally done in the late 1970s, where a group of 80-somethings were immersed in 1959 for a week. At the end of the week, they didn’t act like 80-somethings anymore. It seems nostalgia can make you younger.

That got me thinking about the power of nostalgia.

Final thoughts on the Houston Astros’ database

One of my college buddies (Hi Christian!) shared my previous post on Facebook, pointing out that I’m a long-suffering Royals fan in Cardinals country, and adding that what I said was balanced and dispassionate.

I’m normally anything but dispassionate. But in this case, it’s not a baseball matter; it’s a business matter, and neither my employer nor any past employer is involved, so it’s easy to be detached and dispassionate. I guess you can say my take on hacking has changed. I was going to say “evolved,” but “changed” is more dispassionate.