I recently participated in the NG Security European summit, where there were lots of nice presentations about how CISOs are perceived by Board and Business Leaders. And the results are frightening. Just as IT needed decades to get to the Board level, Infosec isn’t mature yet and needs to evolve the way it sells itself.
Archive for the 'IT Security' Category
When Windows 10 was released, I had the following options: either keep Windows 8 on my PC, or upgrade to Win10, with some advantages. The start menu was back (although I didn’t need it, since I’ve been using the great TrueLaunchBar utility for many, many years), it was a free upgrade (I know what you’ll think about this), and it allowed me to be more secure and test new features. On the other hand, it’s obvious Microsoft has shifted into the Cloud business, and now heavily relies on data harvesting. That means I need to harden my laptop to prevent any data leaks.
If you want to understand how to set up a similar config, here is my step-by-step checklist of what I’ve done:
For nearly 10 years, I have used dedicated email addresses/passwords for every single website or company I register with online.
That may seem cumbersome to many, as I need to log into a custom platform to create a new email address during registration, and I need to keep a record of all those passwords/emails/credentials somewhere, to remember what I’ve done and where, but this has numerous benefits:
I’ve recently reinstalled or updated most of my currently used applications. During the process, I lost several hours messing around with Python versions and architecture models, “thanks” to cryptic error messages and incompatibilities.
Here’s a short summary of issues and solutions, so you won’t waste time finding what’s wrong!
If you don’t want to read all this, in short: install both 32-bit builds of Python 2.7 and Python 3.3, and NOT the 64-bit builds or Python 3.4.
I’ve always wondered about this dilemma:
Even if, as a CISO, you define the best Infosec policy ever, and forbid your users all use of Cloud or unknown services such as Gmail, Dropbox, LogMeIn, TeamViewer to prevent Data Leakage, is that really efficient?
Your company is not in a closed environment. Or it is already in bankruptcy, because you don’t have clients and contractors.
The embedded file is a Zip archive, containing a fake PDF (the icon is a PDF, but it’s really a .exe file).
You may have noticed that I didn’t tweet anything after December 30th, 2013. The reason for this is that I wanted to archive all my previous tweets and delete them. It’s really no use keeping them on Twitter, as I realized most tweets are about fresh news that becomes obsolete a few days later, or excerpts from “personal messages” between Twitter users, that don’t need to stay online.
As I was investigating all my issues, I tried to see if there was another tool to sniff low-level packets and interactions with the system. Wireshark is a good sniffer, but being multiplatform and portable limits its capabilities to the network.
I discovered that Microsoft had a new free product replacing their old (but still good) Network Monitor 3.4. It’s called Microsoft Message Analyzer, can be downloaded here, and seems to be quite interesting according to the dedicated TechNet blog and forums.
I remember…
Last February, I ordered and received a new laptop, to act as my main personal PC. Quite sophisticated, with lots of RAM, CPU, GPU, and SSD, so I could also use it as my infosec lab (running VMs, calculating hashes, doing forensics and more). As my close friends know, I always buy licenses for the software I use, and don’t mess with pirated software for a few ethical reasons. So I also bought a Windows 8 Pro set of DVDs from my local store, and installed it a few days later. I also spent several weeks reinstalling all my software from scratch, reactivating licenses and configuring everything so I could get my old environment back on the new laptop. So this was a laptop which wasn’t supposed to be crashing, using legit software, and I admit I really enjoy using it.
But the issues that I have experienced since the acquisition are quite annoying, forcing me to stay “offline” for several weeks since the beginning of the year, and spending days trying to recover backups, understand issues and more… Some of my frequent email correspondents know that I had those issues, since I was quite slow in answering emails during those “shutdown” periods…