Why Security News Scrutinized to Nth Degree

Why put such an emphasis on keeping up with security news? When a new hack comes out, it takes time to create the attacks and the defenses; that initial time from the vulnerability being introduced is the most important time you have. Once the vulnerability is introduced then there is a certain time …


Time to Drop Flash? How about Java?

There are many articles gleefully reporting that Mozilla and Chrome stopped Flash from running on Tuesday of this week (until the new vulnerability was patched). readwrite: http://readwrite.com/2015/07/15/firefox-mozilla-kill-adobe-flash There is even a movement against Flash now: http://www.tomshardware.com/news/mozilla-blocks-flash-in-firefox,29583.html (with an interesting militant image). Why did this happen? Well, the problem is that Flash is multi-platform and multi-browser …

2nd Tuesday (Patch Tuesday) came & went, now what?

I did not post about Patch Tuesday last week, so here is the rundown of what happened: Microsoft: Cisco issued an advisory on the 13th (Wednesday actually): http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp It is for their TelePresence products. http://windowsitpro.com/patch-tuesday/patch-tuesday-may-2015-brings-unlucky-13-3-critical-updates I had to show this picture of me on the switchboard after seeing the image in WindowsITPro. The …

Threat Modeling? Focus on Detection!

Threat modeling means you will view your network with a subjective eye and find the most likely attack vector from a security threat point of view. This is similar to risk management, where you list all devices and show which ones need the most security attention. Threat modeling comes from a different direction – and …

Forever Day Vulnerability Affects All Windows Versions

Forever Day is a play on the “zero-day” vulnerability, which means the application vulnerability has not been patched and can be hacked. Forever-day now means it is always vulnerable (unless the software vendors figure out a patch), although it may be a configuration problem. Dark Reading has the story: http://www.darkreading.com/endpoint/new-security-flaw-spans-all-versions-of-windows/d/d-id/1319884 The most interesting paragraph: …