Security
What are software patches? Patches are fixes for “bugs,” or flaws in programs. While some people still like to say “computers don’t make mistakes,” one must remember that computers are designed, built, and programmed by humans… and humans certainly make mistakes. Software patches are created when a problem is found, and the author of the […]
This is part 1 of a 10-part series of articles on protecting your business assets from ransomware. You can read the articles as a series of blog posts, or request a copy of the entire series in this free whitepaper: 10 Critical Steps to Survive a Ransomware Attack. Step 1: Drop Administrator Rights One of […]
We’re seeing a rash of ransomware sweeping across IT systems, ranging from large enterprises to microbusinesses with only a few PCs. As I am writing this, we are in the middle of responding to an incident where a business has been entirely shut down due to being infected with the Locky ransomware. The entire business has […]
Last week, WBUR’s On Point with Tom Ashbrook dedicated an episode to the topic of ransomware. The guests included ransomware victims, as well as a security professional who discussed the problem. Unfortunately, the expert occasionally used jargon that may be foreign without some context, but Tom did a decent job of getting definitions from him. […]
With all of the scams running around the Internet today, it’s easy to ask “what can we do?” Just last week I met with an employee of a company that had been completely shut down for a week due to ransomware (probably Locky, probably delivered by an email to an HR executive who had too […]
Last week, Brian Krebs reported on a disturbing trend in federal (.gov) websites having “open redirects” enabled, allowing scammers to delivery content from seemingly legitimate (government) websites. So why do these open redirects even exist in the first place? Simply put, they are a convenience for website developers. Many websites will offer links to other […]
We regularly receive reports from clients who are denied access to certain websites, all while in the course of performing their legitimate work duties. As this Ars Technica article explains, a number of very high profile websites, including The New York Times, the BBC, MSN, and AOL, were effectively compromised by their advertising partners’ ad […]
Fact: traditional antivirus software will NOT protect your business from many threats on the Internet today. A firewall won’t, either. Not even a full-time security staff will shield you from the most insidious (and probably oldest) threat to your business today: social engineering. Social engineering is difficult to combat with technical controls. Things like spam […]
Our friends at SplashData have published their annual list of the worst passwords they’ve encountered. If yours is one of these (or even close) you really need to change it. Now. Go ahead. We’ll wait while you do.
I’ve written extensively on why administrative rights are bad, and how to drop administrative rights if you have them, but it occurred to me that I never told you how to just see if you have administrative rights in the first place, so shame on me! Here’s how: In any desktop version of Windows (XP, […]