If you’re still using Windows XP, I wish you’d stop. Seriously, for your safety and the safety of others, I wish you’d stop. The good news is you have some options, and you’ll probably be happier with one of them.
Vulnerability management and patch management are close relatives. In most companies, think of them as siblings who hate each other. That’s usually how it plays out. It doesn’t always have to be that way, but it takes some thought and strategy from both sides. Here are some ideas for patch management strategy.
On Monday, March 13 at approximately 10:30 AM CST, I will be appearing on KFUO Radio’s Faith and Family program to discuss home computer security with host Andy Bates. One of the questions he’s planning to ask: How can I know how secure my home computer is? Or, to put his question another way, how safe is my computer from hackers?
I’m going to use this space to elaborate ahead of time on some of the things we are going to talk about. We could talk for an hour on any of the questions he’s going to ask, and he gave me three questions and 25 minutes. This is my workaround.
On Monday, March 13 at approximately 10:30 AM CST, I will be appearing on KFUO Radio’s Faith and Family program to discuss home computer security with host Andy Bates. Here’s the scariest question he’s planning to ask: How easily can someone hack my home computer and steal personal information?
Someone asked me that question at work once, except it was about a work computer. I whipped out a copy of a book about Metasploit, flipped to page 137, and started reading. My point was that I could teach this guy how. He didn’t take it well, so I don’t recommend doing that.
My point that I could teach this guy how to do it still stands, though. And I think I could teach Andy how too.
I got an e-mail the other day from TurboTax saying someone had filed my taxes for me. Obviously a cause for concern, right? Here’s how I determined the message was fake in about three minutes. You can spot phishing e-mails with Outlook the same way.
Some people will tell you not to even open a message like this, but if you’re a computer professional, at some point someone is going to want you to prove the message was fake. I think this is something every e-mail administrator, desktop support professional, security professional, and frankly, every helpdesk professional ought to be able to do.
So here’s how you can get the proof. And generally speaking, Outlook 2010’s default configuration is paranoid enough that this procedure will be safe to do. If you want an extra layer of protection, make sure you have EMET installed and protecting Outlook.
According to David Pogue, since hacking a car is “nearly impossible,” we shouldn’t talk about it anymore.
That, my friends, is precisely what’s wrong with security and security awareness today. Flying to the moon is nearly impossible, after all, and you could easily kill yourself trying. David Pogue has never done it. But Neil Armstrong and Buzz Aldrin did.
A former journalist whose track record includes being fired from the Tribune Co. and from Reuters is facing two decades in prison for giving the hacking group Anonymous credentials to log into a Tribune web site and change stuff.
Anonymous changed one headline, and it took about 40 minutes for someone at Tribune Co. to notice and change it back.
It reminds me of something that happened at the newspaper where I used to work.
I found this collection of hacking e-zines a while back. Some are new, some are old. Some are series and some were one-offs. If you’re interested in the early days of hacking, or the undercurrents of today, it’s not a bad place to peruse.