Archive for month: September, 2009

Storing Passwords

23 September, 2009 (13:35) | General, Security, Software, help desk, tools | By: admin

In my current environment, the storage and use of administrator passwords is a sensitive subject.  Luckily ISC SANS has started a robust discussion about the practice. I’m confident in saying that every IT environment has this problem.  You have passwords for service accounts, printers, switches, routers, firewalls, admin passwords for products, build passwords when building servers or [...]

Microsoft Releases A “Fix it” Workaround For SMBv2 Vulnerability

21 September, 2009 (08:35) | General, Microsoft, Security, Software | By: admin

From ISC SANS: As pointed out by several folks writing in to the ISC Handlers group, Microsoft has updated its Security Advisory 975497 – Vulnerabilities in SMB Could Allow Remote Code Execution – to include a “Fix it” workaround that makes it rather easy to disable SMBv2. The “Fix it” links can be found in two locations: – Microsoft [...]

SMB2 Remote Exploit Released

16 September, 2009 (14:41) | General, Microsoft, Security, network | By: admin

From ISC SANS: Last week Guy posted a diary (http://isc.sans.org/diary.html?storyid=7093) about a 0-day vulnerability in SMB2 on Windows Vista and Server 2008 operating systems. Back then the exploit only crashed affected systems. This is already bad enough; however, it just got worse. Yesterday a well known security company added a module for their exploitation product. [...]

File Deletion

10 September, 2009 (16:42) | General, Web | By: admin

From Schneier on Security: File deletion is all about control. This used to not be an issue. Your data was on your computer, and you decided when and how to delete a file. You could use the delete function if you didn’t care about whether the file could be recovered or not, and a file [...]

Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack

10 September, 2009 (09:20) | General, Hardware, Microsoft, Security, Software, network | By: admin

From Dark Reading: A denial-of-service (DoS) attack threat to Transmission Control Protocol (TCP) implementations reported more than a year ago re-emerged yesterday in the form of security updates from Microsoft and Cisco, with the two vendors each issuing protections against the potentially deadly attacks. Microsoft and Cisco were the first vendors to address the still [...]

Vista/2008/Windows 7 SMB2 BSOD 0Day

10 September, 2009 (09:03) | General, Microsoft, Security, Software, network | By: admin

From ISC SANS: We have received a report from Tyler that a vulnerability affecting Microsoft SMB2 can be remotely crashed with proof-of-concept code that was published yesterday and a Metasploit module is out. We have confirmed it affects Windows 7/Vista/Server 2008. The exploit needs no authentication, only file sharing enabled with one packet [...]

WordPress Warns of Wayward Worm

8 September, 2009 (10:50) | General, Malware, Security, Software, Web | By: admin

From Security Focus: Users of the WordPress blogging platform need to beware of a worm making the rounds of Web sites, if they have not updated their software in the last month, the developers of the popular blogging software said over the weekend. The malicious program affects blogs that use WordPress, and which have not [...]

WOMAN FIRED FOR EMAILING IN ALL CAPS

3 September, 2009 (11:51) | Geek, General | By: admin

I found this at Tech Republic today and had to repost just for the comment. When I first saw the story about a woman whose use of all caps in her email led to her firing, I will admit I gave myself a high five. If this could happen for Caps Lock, could firing over [...]

Happy Birthday, Internet!

2 September, 2009 (11:59) | Geek, General, Web | By: admin

From ISC SANS: It all started 40 years ago today, when a couple of computers were connected by a long gray cable in order to pass some data.  The experiment was funded by the Advanced Projects Research Agency (ARPA) and the project was called the ARPANET.  By the end of the year, four sites were connected.  [...]

ReadyDesk CRM

2 September, 2009 (11:33) | General, Software, help desk | By: admin

Does anyone have any experience with ReadyDesk?  I’ve inherited a ReadyDesk install that is years old and the upgrade isn’t working too well.  I’ve attempted to contact their support, but I sat in their online chat for hours with no response.  Anyone have experience with the software?