vulnerability Archives

Double-check your security with Qualys Browser Check

Dave Farquhar security April 8, 2016April 3, 2016firefox, psi, vulnerability

In the past, I’ve recommended Secunia PSI as a way to keep your systems up to date. I know from my own experience that it helps, but I also know it doesn’t work 100 percent of the time.

When it comes to security, nothing is more critical than making sure your updates are applying correctly. That’s where my employer comes in, with Qualys Browser Check.

Dave Farquhar

David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.

dfarq.homeip.net

Solve the Java problem

Dave Farquhar security March 25, 2016November 25, 2016JRE, vulnerability, Whitelist

I met with a client earlier this week who asked me to go over their vulnerability scans for a bit of a sanity check. He asked some important questions, but one in particular seems worth sharing. What can we do with Java? Can we solve the Java problem?

Dave Farquhar

dfarq.homeip.net

Recommended DD-WRT settings

Dave Farquhar DD-WRT, security December 24, 2015January 26, 2022AES, AP, chrome, DDWRT, firefox, firewall, lowercase letters, malware, nintendo, SSID, vulnerability, WAN, WEP, wi-fi

I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.

For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.

Dave Farquhar

dfarq.homeip.net

I got hacked. I did it to teach you a lesson, and I’m sure you believe it.

Dave Farquhar security November 9, 2015November 8, 2015apache, PHP, vulnerability

The other day, this showed up in my e-mail:

A file change was detected on your system for site URL https://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am

A summary of the scan results is shown below:

The following files were removed from your host:

/var/www/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
======================================

The following files were changed on your host:

/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
======================================

Login to your site to view the scan details.

I didn’t make those changes. Fortunately fixing it when changes appear in functions.php and header.php that you didn’t make is pretty easy.

Dave Farquhar

dfarq.homeip.net

Another reason to block fonts at the proxy

Dave Farquhar security October 29, 2015December 5, 2015apple, CIO, macintosh, os x, vulnerability

Last week Apple released a bunch of patches up and down its product line. One of the vulnerabilities it fixed in OS X was a vulnerability in its font parser.

In the past you could mitigate vulnerabilities like this by only installing fonts from trusted sources, but since it’s now possible for web pages to transmit fonts along with other content, there’s a limitless number of untrusted fonts out there in the world.

Since it may take a while for all of the major operating systems to shake out all of the problems in their font subsystems, that’s the reason I’ve recommended filtering fonts at the proxy.

Dave Farquhar

dfarq.homeip.net

Vigilante router security

Dave Farquhar security October 7, 2015October 6, 2015android, malware, passwords, symantec, vulnerability

Last week, Symantec discovered a worm that infects routers and takes measures to make them more secure. For lack of anything else to call it, Symantec is calling it malware, and most of the security echo chamber is probably howling over this, but I think I understand why it was created.

Dave Farquhar

dfarq.homeip.net

Microsoft looks back at MS08-067

Dave Farquhar security September 29, 2015September 27, 2015certification test, code execution, Information Assurance, vulnerability, windows 2000, Windows XP

The most infamous Microsoft patch of all time, in security circles at least, is MS08-067. As the name suggests, it was the 67th security update that Microsoft released in 2008. Less obviously, it fixed a huge problem in a file called netapi32.dll. Of course, 2008 was a long time ago in computing circles, but not far enough. I still hear stories about production servers that are missing MS08-067.

Last week, Microsoft took a look back at MS08-067, sharing some of its own war stories, including how they uncovered the vulnerability, developed a fix, and deployed it quickly. It’s unclear who besides Microsoft knew about the problem at the time, but one must assume others were aware of it and using it. They certainly were after the fall of 2008.

Dave Farquhar

dfarq.homeip.net

The difference between a vulnerability scanner and a SIEM

Dave Farquhar security September 23, 2015November 21, 2018excel, nessus, retina, splunk, vulnerability

I heard an interesting question the other day: What’s the difference between a vulnerability scanner and a SIEM? Qualys and Nessus are examples of vulnerability scanners. Arcsight and Splunk are examples of SIEMs.

To a security practitioner, the tools couldn’t be much more different, but not everyone is a security practitioner.

On a basic, fundamental level, a vulnerability scanner deals in what’s missing in the environment and what could happen as a result of those things that are missing. A SIEM deals in what actually has happened and is happening.

Dave Farquhar

dfarq.homeip.net

A few more WordPress security tips

Dave Farquhar security September 21, 2015July 9, 2017malware, PHP, vulnerability

There’s some nasty WordPress malware circulating right now. I haven’t fallen victim to that one, but I caught the very early stages of infection myself all too recently. WordPress itself was just updated to close some vulnerabilities, but the biggest problem is the plugins. Unfortunately, the plugins are the main reason to run WordPress.

At my day job, I’ve had the pleasure of working with a very security-conscious webmaster for the last couple of months, and he and I talk about WordPress security frequently and look into what we, or anyone for that matter, can do to make the best of the situation. Here’s what he and I have found in the last week or so.

Dave Farquhar

dfarq.homeip.net

Hacktivism is real, and getting more dangerous

Dave Farquhar security August 3, 2015July 30, 2015breach, vulnerability

Lost in the stories of last week was a story I really don’t want to talk about, but I have to: Planned Parenthood got hacked, and a database of its employees was stolen.

I don’t want to talk about it because the risk is this story becoming about abortion rather than about security. But it brings up a real problem: Now we know that political activists have the desire and the ability to hack into organizations they disagree with.

Dave Farquhar

dfarq.homeip.net