Category: Security

  • Equifax

    Being in the industry, I understand how difficult it is to secure an organization, so I have some sympathy for Equifax. As an ex-NSA colleague noted (paraphrasing), “A defender has to protect everything, an attacker only has to find one hole.” That said, their business is PII, so there is a higher standard there. In […]

  • Installing Plixer’s “Scrutinizer” NPMD

    Plixer makes a good “Network Performance Monitoring and Diagnostics” (NPMD) application called “Scrutinizer”. NPMD, as Gartner calls it, mostly means collecting, aggregating, and reporting on NetFlow data. Plixer provides a VMware OVF for installation of a virtual appliance. I, however, ran into a few issues with the installation: I couldn’t get the install to work […]

  • Good basic email advice

    Professor Alan Woodward from the Department of Computer Science at the University of Surrey via The Register: “Educate users not to open files that they are not expecting. Practice your ABCs – Assume nothing. Believe no one, and Check everything should be drummed into users – personally I preach ABCD – if in any doubt […]

  • ASA Firewall Rules of Thumb

    Some important Cisco ASA firewall details I and others have learned and shared over the years: Don’t use “security-level” as your method of security. In the long term at best “security-level” will cause you to block traffic you didn’t expect, at worst, it will allow traffic you didn’t want. Why? Well… If you add an ACL […]

  • IC3 Alert on Microchip-Enabled (EMV) Credit Cards

    Unfortunately quite accurate and what a number of us have been saying all along: http://www.ic3.gov/media/2015/151008.aspx The gist can be found in a single paragraph: Although EMV cards will provide greater security than traditional magnetic strip cards, they are still vulnerable to fraud. EMV cards can be counterfeited using stolen card data obtained from the black market. […]

  • More on “tiny” URLs…

    I keep getting them from very smart, very security-conscious people. However, to make my point: http://goo.gl/1LJ1Wz I love what they offer but… Some do offer a preview, but users aren’t used to seeing that and unfortunately won’t care (i.e., they are so used to getting them without preview, they won’t expect it or demand […]

  • Nothing new here…

    But everyone should read it:

  • Dear Secure Companies…

    Dear Secure Companies, Please stop sending me emails to pick up critical documents or surveys where the URLs I need to follow point into random unverifiable domains. A link that leads to a URL like: http://wl1.peer360.com/b/J9dqJDSALAS87ZWR3Te7/mle.asp?hl=5621312750&r=BBGGHHSF&CID=305151 is not going to inspire confidence and, assuming it isn’t spear-phishing or malware, is teaching end users bad practice. […]

  • Dumping SSL certificate information

    It seems lately I’m regularly having to dump the information from SSL certificates (for instance to get the “Subject” or CA signer). Since I keep having to look up the exact syntax, I thought it easier to save here and figured it might help others. So, if in PEM format, use the following: openssl x509 […]

  • BankInfo Ramnit Article

    Tracy Kitten at BankInfo has an interesting article about the Ramnit worm which is worthy of a read (even I would say by the general public). Ramnit is particularly pernicious because: Ramnit’s man-in-the-middle looks like an actual social-media or bank-account sign-in page that captures a user’s ID and password, and sometimes other personal information en […]