Security Solarwinds password issue - the intern did it. Solarwinds have decided that an intern was to blame for a bad 'backdoor' style password being used in their code. Here I explain why this simple statement shows that solarwinds have a lot of issues that need to be dealt with before I'll trust them again.
Security Microsoft have a big problem with their patching and QA processes Microsoft have admitted to a bug in a recent patch release but their documentation, download site and "fix" for the issue is a woeful mess.
vcentre Finding and fixing a broken cert for VCentre I recently needed to add a cert to a vcentre 7.0 enviroment to allow Skyline and this is normally a striaght forward process. Certainly, 7.0 is many times easier than previous
Security Windows DNS flaw is serious - patch now. Hopefully, you have probably all heard of the "Sigred" vulnerbility in DNS, a security issue which has existed in DNS servers for 17 years. That means that if you run a
Security LDAPS on Windows Servers As some are probably aware, Microsoft were planning on releasing a patch in March 2020 that will make some changes to LDAP. Since that announcecment MS have admitted that they have had a
Infosec Serious RDP Vulnerability found in older OS'es - patch now A serious vulnerability in the popular RDP protocol can leave machines exposed to an attack that will allow a remote person full control. Be aware that AWS is notorious for allowing access to RDP and so I've included a script to help check.
Vmware Two VM Escape flaws found in VMWare VMXNet3 Adapters Two VM Escape flaws found in VMWare VMXNet3 Adapters
Security Using PFSense as an internal CA If you're considered setting up an internal CA, have a look at this.
Security Encryption isn’t the solution to GDPR If you think GDPR can be circumvented just by encrypting everything, you've missed the point of what GDPR is about.
Security Exploring HTTPS headers Know which HTTPS headers to use to help make your site as secure as possible.
Security The US Government are upset at Intel Intel are in trouble with the US Government over Spectre and Meltdown, this is why the US Government are in the wrong.
HTTPS Why do I support HTTPS Everywhere? One of the things I'm passionately in support of is HTTPS everywhere. That is, every single website using HTTPS. It doesn't matter if it's a simple text site or if it's a full
Security Meltdown and Spectre 2018 is certainly kicking off with an interesting set of security issues that affect all processors in use today, Intel, AMD, ARM and so on. In short the three vulnerbilities are: Meltdown -
Security Can we tone down the GDPR Hysteria? I think I may have invented a new phrase today “GDPR Hysteria”, it’s when a company/management team/data protection officer takes the requirements of GDPR and dials them up 11 and
Security Human Factors in security incidents Over the years, every security incident has had its roots in some level of human factors. It's my belief that each time there is a security breach there needs to be an investigation
Security Why website security matters - a practical example. This happens all too often, someone will contact me and try to sell me something, an IT service, a new way of doing things, it doesn't matter. The thing is, if I'm contacted
Security Atlassian accidentally DDOS'ed their own password change service. As a company, if you're facing a suspected security breach then forcing your customers and clients to change passwords is not a bad thing to do. However, when you do this don't end
Security Just how good is IISCrypto? I've played around with IIS Crypto a fair bit, for those who don't know it, it's a freeware application that can make changes to the registry to restrict the protocols that are used
Security Test labs and internet explorer patches Test Labs Test labs seem to be somewhat in focus at the moment with my workplace deciding to dedicate a rack to a test environment that'll hold a Netapp cluster, cisco switch, brocade
Security The issue with antivirus software (2) News of a new botnet set up that is trying to be indestuctible thanks to hiding in the . According to the BBC article 'Code that hijacks a PC hides in places security software
Security The issue with antivirus software I hate anti-virus software. I really do hate the stuff. This is not a mere dislike but an actual hatred. The reason for this is quite simple. In IT security terms any security
Security Renaming local administrator accounts - good or bad? A lot of the time I hear the following statement 'Renaming the local administrator account makes it secure'. No, it doesn't. Renaming the local administrator account just leaves you with a renamed local
Security Exporting from Exchange mailboxes to PST files is a false economy I'm sure most network admins have come across that one user who has a huge multi-gigabyte mail file that absolutely cannot have a single email deleted from it. In these instances the answer
Security New Phishing scams in progress? I think we've all had those emails from the Banks "security" department and which threaten all sorts of mayhem and chaos if you don't go to the site right now and
Security InfoSec 2008 Well, After some false starts involving problems with London Undergrounds District Line I made it to Olympia and to Infosec 2008. The event itself is a good one for picking up the latest