software Archives - Security Musings

Vavada - это онлайн-казино, предоставляющее широкий выбор азартных игр, включая слоты, рулетку, блэкджек и другие. Vavada привлекает игроков разнообразными бонусами и акциями.

Usability vs Security

Posted onFebruary 26, 2022 by Peter Hesse

(This post originally appeared on the Cyber Tech Accord’s signatory blog: https://cybertechaccord.org/usability-vs-security-the-myth-that-keeps-cisos-up-at-night/) As I write this, we are halfway through the fifth month of the COVID-19 pandemic. All of us have had some amount of upheaval in our lives including restricting travel and our contact with friends and family. Some have had even more difficulty – loss of jobs, businesses, and the downturn of entire economic sectors. An uncertain future remains before us. The rapid move by many businesses to support teleworking has caused a boom in technology fields. Some organizations like Amazon, Twitter, Teledoc, and Siemens are treating working remotely as not just a temporary change, but as a more permanent shift. Tech adoption, disruption, and digital transformation are[…]

Innovation in Two-Factor Authentication

Posted onAugust 2, 2013 by Peter Hesse

When I first read the article Authy Makes Using Two-Factor Authentication Easier I thought to myself, “why have I never heard of this Authy thing?” After all, we have been covering two-factor for a while. I went ahead and installed it, and started digging into the application and the company. I even fired off some questions about how they treat the information in the application and I’m impressed. This application is advancing the state of the art for two-factor authentication by making it not just simpler to use, but more secure as well. This article is covering how Authy is simplifying the use of two-factor authentication. Next week I’ll publish another article about how they are also advancing the state of[…]

Microsoft Windows 8 Sync Security

Posted onApril 30, 2013 by Peter Hesse

One of the lesser-known features of Windows 8 is the ability to sync a number of your settings for your system with your Microsoft account. This means you can sync your apps, your people (including Facebook, Twitter, Outlook, and LinkedIn contacts), and your photos so that they all appear no matter which Windows 8 system you log in to. In addition to those settings, you can also sync your themes, favorites, history, and passwords to your Microsoft account. This means that your browser will look and behave the same as long as you are synchronized with the same Microsoft account. These settings presented some concerns to me, because if my Microsoft account got hacked, some potentially sensitive information (passwords, bookmarks,[…]

Updating VMware vCenter and ESXi Certificates

Posted onJanuary 23, 2013 by Peter Hesse

By default, the installation of VMware’s vCenter and ESXi use self-signed certificates with hardcoded passwords to protect the private keys of their SSL web services. While it gets you services that work out of the box, it is really bad form and a poor security practice. If you install (or update to) version 5.1 of the VMware infrastructure components, you will be left with a bunch of warning windows like the ones on the left. If you’re lucky enough to have access to your own public key infrastructure, you can issue your own certificates to replace those provided by VMware so you don’t see constant warnings. However, if you undertake this effort be forewarned: VMWare’s guidance (Replacing Default vCenter 5.1[…]

What to do when you see a phishing email

Posted onDecember 4, 2012 by Peter Hesse

The tl;dr summary for those with short attention spans – Don’t open the attachment, be quick to delete anything you’re not sure about, and if you want to help in the fight against phishing, report it using the guidelines I’ve outlined below. I received a pretty awesome phishing email today. It included a significant attachment that I’m looking forward to analyzing at a later date. Since it will take me a while before I’ve got the time to run the analysis, I decided I wanted to forward it around to the appropriate organizations to ensure that they take some time and analyze it and make sure other individuals can be protected from it. It turns out that there are more places[…]

Keeping Up-to-date

Posted onOctober 25, 2012 by Peter Hesse

Yesterday, this story on Wired was making the rounds: How a Google Headhunter’s E-mail Unraveled a Massive Net Security Hole. Sure, the title is probably hyperbole, but it is an interesting story. At a high level, mathematician Zach Harris noticed that emails from Google – and from several other prominent domains including eBay, PayPal, Yahoo, Amazon, etc. – could be spoofed. Anyone who has ever run telnet to port 25 and sent an email from santaclaus@northpole.net or billgates@microsoft.com knows that email has always been pretty easy to spoof. Given the rise in unsolicited emails also known as spam, something had to be done. In 2006, a working group was founded to try and create a standard that would make email harder to[…]