If you have a hot DR site, NotPetya will bite you. Hard. Møller-Maersk, yes that Maersk suffered a complete outage that spread to throughout their entire organization, hot DR site and their backups. The only saving grace was an offline…
More Spectre-like fun times with Intel
Security researchers have discovered more speculative processing bugs with Intel CPUs. The bugs go all the way back to dual core models. The researchers have named this SPOILER. Hah! This bug requires the attacker to have some local access to…
Notable security vulnerabilities for 2018
In continuation of the 2017 post on vulnerabilities, the new year started with a big security bang.
Notable Security Vulnerabilities for 2017
2017 has been an exciting time for discovering security vulnerabilities. There are some that hold your companies assets to ransom. Others can be career ending. So I thought to compile a list to keep track. Remember there is still 2…
STARTTLS
DISA recently started using STARTTLS by default for all mail servers. DISA which runs the US Department Of Defense IT systems. STARTTLS is an encryption standard for email protocol. Current email communications are in clear text. You can protect the…
Microsoft Windows password policy
As part of security policy, the Windows password policy ensures the user’s password is sufficiently complex and fresh. Windows by default do not detect the difference between old and new password. It even accepts a password with one character different…
Managing security compliance
I needed to harden a couple of standalone servers in a jiffy. I remembered there some tools for this and the Security Compliance Manager to the rescue! Make a copy of the baseline Tweak Save as a GPO. Push…
Exploring HTTPS encryption
This is a post on HTTPS encryption long time coming. I have been patching SSL/TLS vulnerabilities in various systems, so I thought I should put all my notes in one place. HTTPS encryption uses SSL and later TLS to protect…
BYOD
What is that? Its Bring Your Own Device. That is the latest trend in end user computing. Instead of the company purchasing the computer for you, you use the allocated amount to buy the device or you supply it. It is…
Yaaahhoooooo!!!
Are you a Yahoo user? You might want to change your password. At the same time to any other web service that you have the same user id – password combination. Yahoo just been hacked via some really old tech…