Patch Tuesday Archives - The Silicon Underground

I read Microsoft’s site to a “Microsoft” scammer

Dave Farquhar — Wed, 22 Jun 2016 11:00:40 +0000

“Daniel” from “Microsoft” called me the other day. The number looked halfway legit so I picked up. He out and out claimed to be from Microsoft and said he was getting alerts from my computer. His voice sounded familiar–I think

The post I read Microsoft’s site to a “Microsoft” scammer appeared first on The Silicon Underground.

Expect a rough road ahead for Flash

Dave Farquhar — Wed, 15 Jul 2015 11:00:05 +0000

Adobe has patched Flash twice in two weeks now. The reason for this was due to Hacking Team, an Italian company that sells hacking tools to government agencies, getting hacked. Hacking Team, it turns out, knew of at least three

The post Expect a rough road ahead for Flash appeared first on The Silicon Underground.

Worried about the wrong things? It’s always the wrong thing.

Dave Farquhar — Wed, 06 May 2015 11:00:50 +0000

Guy Wright’s piece titled Internet Security: We were worried about the wrong things is a bit old but it’s an important point. Security is a moving target. It’s always a moving target. I disagree, however, with the assertion that SSL (and its

The post Worried about the wrong things? It’s always the wrong thing. appeared first on The Silicon Underground.

Three things to remember from Verizon’s Data Brach Investigations Report

Dave Farquhar — Mon, 20 Apr 2015 11:00:22 +0000

Every year around this time, Verizon releases its Data Breach Investigations Report, referred to in the trade as simply the “DBIR.” Verizon is one of two companies you call if you’ve been breached and you really want to get to

The post Three things to remember from Verizon’s Data Brach Investigations Report appeared first on The Silicon Underground.

Why Google ratting on Microsoft isn’t all bad

Dave Farquhar — Fri, 02 Jan 2015 11:00:32 +0000

This week, Google published a vulnerability in Windows 8.1 after a 90-day countdown timer automatically expired. Microsoft has not yet released a patch. Controversy ensued. Obviously, yes, an unpatched, well-known vulnerability in Windows is troubling. But the alternative is worse.

The post Why Google ratting on Microsoft isn’t all bad appeared first on The Silicon Underground.

What is Winshock?

Dave Farquhar — Wed, 03 Dec 2014 11:00:47 +0000

So the other day I got blindsided with a question at work: What are we doing about Winshock. Winshock, I asked? I had to go look it up, and I found that’s what they dubbed what I’ve been calling MS14-066,

The post What is Winshock? appeared first on The Silicon Underground.

Retracing the Home Depot attackers’ steps

Dave Farquhar — Fri, 07 Nov 2014 11:00:15 +0000

New details emerged on the Home Depot attack that left 56 million consumers with compromised credit cards. The interesting thing in the new details is that it could have been much worse, but maybe not for reasons immediately obvious. The

The post Retracing the Home Depot attackers’ steps appeared first on The Silicon Underground.

Revisiting Microsoft/Sysinternals Du as a batch file

Dave Farquhar — Fri, 19 Sep 2014 11:00:35 +0000

My tips for using Sysinternals’ Du.exe were well received last week, and my former coworker Charlie mentioned a GUI tool called Windirstat that I had completely forgotten about. For the command-line averse, it’s an incredibly useful tool. But there’s one

The post Revisiting Microsoft/Sysinternals Du as a batch file appeared first on The Silicon Underground.

IT jobs shortage? Slide over to security

Dave Farquhar — Mon, 08 Sep 2014 11:00:19 +0000

IT jobs are getting scarce again, and I believe it. I don’t have a cure but I have a suggestion: Specialize. Specifically, specialize in security. Why? Turnover. Turnover in my department is rampant, because other companies offer my coworkers more

The post IT jobs shortage? Slide over to security appeared first on The Silicon Underground.

Getting started in compliance: Start by doing the right thing

Dave Farquhar — Thu, 11 Jul 2013 11:00:30 +0000

I had a couple of discussions this week about compliance, and the traps of plain old check-the-box compliance, and how to get started in it when regulatory compliance suddenly gets sprung on you. The key is working backwards. Start with

The post Getting started in compliance: Start by doing the right thing appeared first on The Silicon Underground.