Heartbleed OpenSSL - What I have learned today
This morning, I read about the HeartBleed vulnerability in OpenSSL, and immediately did my due diligence to determine which of my SSL secured systems were affected. Luckily, I have no reason for...
Heartbleed Bug Poses Serious Threat to Unpatched Servers - A bit on how it works
Hello Spiceheads. I'm sure you have been seeing a lot about the Heartbleed bug on the interwebs. If not, it's such A Thing, it actually has its own logo. One of our crack Security Researchers, Dick...
More Than Half Of End Users Did Not Get Security Awareness Training
This week I attended a webinar about Security Awareness Training hosted by David Monahan, Research Director Security and Risk Management of Enterprise Management Associates. Some astonishing numbers...
Screensavers/Automatic Lock - What's your policy?
How do you guys implement screensavers and automatic computer locking? Timeouts? Issues (the one that leaps to mind is "What if I'm giving a presentation?")? How to display something corporate vs. a...
SSL Certificates - Wildcard vs. Individual?
Heartbleed has made me think that whilst wildcard certs are really quick to issue and make life very easy when all is good, they are a tremendous PITA if you need to rekey and replace everywhere...
Unclassified to Classified HD Access
Good Day All, Question, plan is to apply Windows Security & Critical updates to several Classified Servers (Secret) using (a Disconnected WSUS Server). My plan is to have an installation of WSUS...
EFF: Heartbleed caught in the wild and possibly linked to intelligence services?
EFF Report today suggests that an IP Block that exploited this vulnerability is associated with Intelligence...
rrsavings crashing web browsers
I had a user today install a freeware pdf to word converter on their system. After the install all web browsers now close after 1-3 mins of use. In event viewer I was able to find this: Faulting...
Internal Audit
Being the new guy one man show for IT, I want to make some changes that will steer the culture to be a little more security conscious. What should I be looking for in an internal security audit?
How are you informing users about Heartbleed
I am working in a situation where some of the users are staff and some are residents. I am trying to determine how to inform them about Heartbleed and what they should do. Most of the residents are very...
Email Encryption
I am looking for an email encryption solution I can deploy for internal HIPAA/PCI related email. External encryption is handled through a security appliance, but internal is plain text. I have used...
Wall Street Journal Quoted Me Regarding Ransomware Phishing Attacks
This week, Wall Street Journal MarketWatch reporter Priya Anand quoted me in an article she wrote about the new wave of ransomware phishing attacks. She started out with: "Malware attacks that hijack...
What I think I know about heartbleed. (Can someone confirm?)
Been doing some Googling and searching about HeartBleed. I don't know a great deal about web servers, just thought I'd get that out there. I'm a 17 y/o helpdesk tech. Firstly, who took the time to make a...
We got our first CryptoLocker infection today
I also found out today that our Fileservers don't run backups. Yep. From what our consultant explained to me today, that because of the large size of our file servers drives (almost 2 TB) we don't run...
Symantec PGP or CheckPoint?
I need to purchase an encryption product that meets the FIPS 140-2 standard to encrypt the entire hard drive on about 100 laptops. I have found two main products that meet this standard (and I am open...
Due to Heartbleed is anyone enforcing a password change across the organization?
We are. Frankly, if my users complain about anything, most often it's passwords.
Product Specific Security Information Updates?
Does anyone know if there's a way to have a central source of information and notifications regarding very specific product updates? I went looking through Spiceworks' Device "profiles" expecting to...
Domain-defined GPOs take effect on local admin computers?
If you create, say, a security GPO that locks a user out of control panel, and they're a local administrator (full), will the local admin account overwrite that GPO (since local admin has full,...
CryptoLocker infection changed payment price?
Hello, Just an informational post I guess. Working on no sleep and I know variants are out there but just in case. Got infected with a cryptolocker virus, here are some differences I see from the...
We are considering moving from SECNAP to Secureworks for our IPS
Does anyone have any advice? We are pleased with SECNAP, but the cost savings could be up to 50%