Simple tips to prevent ransomware

Last week at work, I noticed some odd events in an event log, and when I investigated them, I found they were part of a failed ransomware attack. This got me thinking about how to prevent ransomware at home.

Ransomware, if you aren’t familiar, is an attack that encrypts your data and demands a ransom, usually around $300, in bitcoins, and you get a short deadline until it destroys your files. More often than not, paying the ransom is the only way to get the files back, so it’s much better to prevent it.

Read more

Women in tech: The forgotten story of Vector Graphic

Vector Graphic Vector4

I frequently hear lamentations about the number of women in the technology field–or the lack of them. Although there have been a number of successful women in the field, such as Meg Whitman, CEO of HP and formerly Ebay; Marissa Meyer, CEO of Yahoo; and Carly Fiorina, former CEO of HP, men outnumber women in the field and often by a large margin.

That perhaps makes it even more sad that few remember Vector Graphic today. Last week Fast Company profiled this pioneering computer company that time forgot.

Read more

How to mitigate MS15-078 or future Microsoft font driver vulnerabilities

Microsoft rushed out an out-of-band patch, MS15-078, to deal with active exploits in their font driver yesterday. Since pushing out patches takes time, my boss asked me what we could do to mitigate the issue in the meantime.

The biggest threat, by far, is exploit-bearing fonts being downloaded from web sites. Ideally you only install trusted fonts from trusted sources locally on your workstations, right? If not, I suggest you start that practice as well.

You have a couple of options when it comes to blocking fonts in browsers.

Read more

Port 2381: What it is and how to manage it

I was doing some scanning with a new vulnerability scanner at work. It found something listening on a lot of servers, described only as Apache and OpenSSL listening on TCP port 2381. The versions varied.

Luckily I also had Qualys at my disposal, and scanning with Qualys solved the mystery for me quickly. It turned out to be the HP System Management Homepage, a remote administration/diagnostic tool that, as the title says, lets you manage HP server hardware. It runs on Windows, Linux, and HP-UX.

Read more

Workable two-factor authentication

I’m several months late to this party, but I just saw Marcel’s post on Google’s two-factor authentication with a smartphone.

He’s right. It works until someone steals your phone. Once someone steals your phone, you’re in a world of hurt. It’s just a compromise, until we find a way to do two-factor authentication the right way.

The right way is with a smartcard, issued by some sort of central authority.

Read more

End of the innocence for Mac security

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes.  It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that.

Read more

Was CP/M overrated?

Veteran tech journalist Dan Tynan recently published a list of 10 overrated technology products, and CP/M was on his list. But was CP/M overrated? I want to dig into that question a bit.

I think everyone knows the story of how IBM almost used CP/M as the operating system for its PC, but ended up using an upstart product from a small company named Microsoft instead. We’ll probably never know exactly what happened, seeing as the author of CP/M is dead and his business partner is no longer able to recollect those events from the 1980 timeframe, and IBM and Bill Gates have no reason to embarrass themselves by revisiting the story.

But CP/M was the first and most popular operating system for early 8-bit computers, so people who used it remember it fondly, and the way Microsoft steamrolled it made Gary Kildall and his operating system folk heroes to underdog lovers everywhere. Even people who never used it and weren’t even born when Kildall’s company ceased to exist have at least a vague idea of what it was.

Read more

A first look at Inkscape

I’ve been playing with the Windows version of Inkscape, which bills itself as an open-source SVG editor. It doesn’t bill itself as an Illustrator/Corel Draw/Freehand killer, but as a simple vector drawing program, it works.

It takes getting used to. But I think I like it.