Wednesday, August 3, 2016

Apple Devices

Why are people continuing to let this happen?

Just yesterday I saw another one pop up that was similar.

Enable 2FA on iOS devices, folks.
https://support.apple.com/en-us/HT204915

Derp happens...



Thursday, July 7, 2016

Thoughts on Hillary Clinton Private Server

As some of you may know, I am not exactly a Hillary fan. It's not because of political bias or because I vote for a single party (I vote bipartisan). It's a matter of people that seem to be too big for jail.

But I wanted to stop and make a really important argument today that Hillary isn't the only one that used a personal email address. The committee hearing can be seen below: (Warning: it is 4 hours long)




I will remind people the Chairman that was grilling Comey today uses a Gmail address for official business.

At one point during the hearing other members of Congress challenged each other to not use personal email addresses to conduct business. At that point when the comment was made I turned off my laptop thinking we are really screwed when it comes to some people that are supposed to be protecting the country's information assets.

Classified vs. Non-Classified
Classified emails are simply marked with a header labeled (C). What escapes me is there seems to be no data leak protection on email sent to external email addresses that are marked as classified.

"In total, the investigation found 110 emails in 52 email chains containing information that was classified at the time it was sent or received. Eight chains contained top secret information, the highest level of classification, 36 chains contained secret information, and the remaining eight contained confidential information. Most of these emails, however, did not contain markings clearly delineating their status."

We all should wonder how many classified emails are leaving the security of their systems unchecked?
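
The check the post finds missing, sketched as an added example (not code from this blog or from any government mail system): an outbound filter that blocks a message carrying a portion marking when any recipient is outside the organization. The domain `agency.example`, the function names and the sample messages are assumptions, and `(S)` and `(TS)` extend the `(C)` marking named above.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: the organization's own mail domain (placeholder).
INTERNAL_DOMAINS = {"agency.example"}

# (C) is the marking named in the post; (S) and (TS) are added as a generalization.
# Case-sensitive on purpose, but a copyright "(C)" would still match (false positive).
PORTION_MARK = re.compile(r"\((TS|S|C)\)")

# Constructed sample messages, not real mail.
MARKED_EXTERNAL = ("From: alice@agency.example\nTo: Bob <bob@mail.example>\n"
                   "Subject: schedule\n\n(C) Itinerary details follow.\n")
MARKED_INTERNAL = MARKED_EXTERNAL.replace("bob@mail.example", "bob@agency.example")
UNMARKED_EXTERNAL = MARKED_EXTERNAL.replace("(C) ", "")


def external_recipients(msg):
    """Return every To/Cc/Bcc address whose domain is not internal."""
    fields = [v for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    addrs = [addr for _, addr in getaddresses(fields) if addr]
    return [a for a in addrs if a.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]


def plain_text(msg):
    """Concatenate the subject and all text/plain parts of the message."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def dlp_verdict(raw_message):
    """Block only when a marking is present AND a recipient is external."""
    msg = message_from_string(raw_message)
    marks = sorted(set(PORTION_MARK.findall(plain_text(msg))))
    outside = external_recipients(msg)
    action = "block" if marks and outside else "allow"
    return action, marks, outside


if __name__ == "__main__":
    for name in ("MARKED_EXTERNAL", "MARKED_INTERNAL", "UNMARKED_EXTERNAL"):
        print(name, dlp_verdict(globals()[name]))
```

The third sample shows the limit the quoted finding points to: content with no marking passes a marking-based rule, so a filter like this only covers mail that was labeled in the first place.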


Saturday, January 30, 2016

Chromebook Security: A real life story

I've never taken the time to blog about anything personal or work related for that matter, as both of those things I would rather keep private. But this story is just too good to not tell. Back in late November my mom asked for a laptop for Christmas. My parents were leaving on a long four month vacation and she wanted something that she could do video conferencing on for family back home. After asking what all she needed to do with it I opted to get a Chromebook for her.

So I configured it appropriately with an EFF guide, which is located here:
https://www.eff.org/deeplinks/2015/11/guide-chromebook-privacy-settings-students

and here:

https://www.eff.org/deeplinks/2015/11/guide-google-account-privacy-settings-students

And was literally all set within a matter of a few minutes.

Here is where things got fun. So I chatted with both my parents over Google Hangouts one evening and my mom oddly enough said she had to call a company because a pop-up displayed that she was infected with a virus. At first I was taken aback a little.... and after I had her repeat the statement she said yes it was infected with a virus so she called the number on the screen. A popup similar to this:



The next thing I asked was what did they say, and I shit you not, word for word, in a heavy thick Indian accent: "Well since you have a chromebook there is nothing I can do. Just throw it in the trash and get a real computer."

Then the guy hung up. My parents said they just powered the laptop down and the message went away. They now know to call me instead of doing something like this again.

I am now a believer in Chromebook security. Especially when something stupid like this happens.

Friday, January 22, 2016

So WTF Google?

Update: My Chrome browser has been updated this evening. No alerts about my CentOS 7 systems no longer being supported. All is right again with the world.


I run a small number of CentOS 7 desktops in a virtualized environment. After updating to the latest version of Google Chrome I was met with a nasty message that my Linux system will no longer be supported.

So wtf Google?

I'm running a current CentOS 7 64-bit Linux workstation and you are dumping support for it?

So I take to Google's support page and take a look at what is supported.


Pushing Chrome support out of CentOS and RHEL seems like a mistake for corporate customers. I can understand discontinuing support for 32-bit Linux. But a current major distro that is 64-bit.... Hopefully someone at Google will see this after I tweet this for some clarification.

Thursday, January 14, 2016

Sunday, January 10, 2016

Guidance for Protected Browsing

This is some best practice guidance for Google Chrome. Do this first, before any browsing.

Works best if you compartmentalize your browsing through a virtual machine or read-only CD media.
VirtualBox is free for personal use - https://www.virtualbox.org/wiki/Downloads


EFF guide to Chromebook privacy
https://www.eff.org/deeplinks/2015/11/guide-chromebook-privacy-settings-students

@attrc HowTo: Privacy & Security Conscious Browsing
https://gist.github.com/atcuno/3425484ac5cce5298932


Use the following Chrome add-ons as a minimum:
HTTPS Everywhere
Privacy Badger
uBlock Origin


Use a VPN before browsing.

Under Chrome Content settings set plugins to do this:


If you want to get into hardcore mode, go to chrome://plugins
Disable Adobe Flash Player

You may find your browsing experience doesn't require Flash for daily use.

Use a Chromebook and do all the above. Chromebooks work great because users can install extensions only. Executables and such won't run on Chromebooks. The risk of malware is low.

Compartmentalize

Compartmentalize

Compartmentalize

I can't stress it enough when it comes to your personal data.


Monday, January 4, 2016

Windows 10 Security Guidance for Enterprise users

Update security compliance direct from Microsoft. As of 1-22-16.

Security baseline for Windows 10 (build 10240) – FINAL/Update 1-22-16
http://blogs.technet.com/b/secguide/archive/2016/01/22/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update.aspx

Security baseline for Windows 10 (v1511, "Threshold 2") -- FINAL 1-22-16
http://blogs.technet.com/b/secguide/archive/2016/01/22/security-baseline-for-windows-10-v1511-quot-threshold-2-quot-final.aspx


If you want to compare GPO sets you should look at this tool called Microsoft Policy Analyzer
http://blogs.technet.com/b/secguide/archive/2016/01/22/new-tool-policy-analyzer.aspx

LGPO.EXE Tool (Automates the management of local group policy. Best for non-domain-joined computers)
http://blogs.technet.com/b/secguide/archive/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0.aspx

For more Microsoft Security guidance you can follow their blog.
http://blogs.technet.com/b/secguide/