Unstable Path

Equifax lost over 140 million customer’s personal information during a recent breach.  44% of Americans just lost control over their social security, drivers license, and credit card numbers along with their names, birth date, addresses…basically everything required to start building false identities and robbing them blind. Continue reading “Oh you sneaky bastards!”

I’ve finally gone pro!  Both my previous blogs have been migrated over to this new site running my own private domain.  The site is still in flux at the moment, but I’m hoping to grow it as time goes on.

Why does everyone in security keep saying they get all their news off Twitter?   Am I just old school for wanting my RSS feeds and podcasts? Continue reading “Does Twitter really suck this bad?”

Ever need access to your home network, but you are somewhat locked into the Cisco AnyConnect client for some reason?  OpenConnect Server is a great alternative to OpenVPN for these situations, and the OpenConnect client is commonly used on Linux distros to connect to Cisco AnyConnect servers.  In my case, I use a combination of Windows, Mac, and Linux some of which are rather locked down. Continue reading “OpenConnect Server with Duo Two-Factor Auth in Ubuntu 16.04”

Isn’t it funny how most crises don’t arise from just one bad event happening? Most crises arise from a long history of small, seemingly good decisions which weaken what used to be a resilient system. While all of those people walk around congratulating each other on cost and time savings, a small few are trying desperately to raise alarms. Those small few become cast as neigh sayers, the enemies of progress. Or, as with my personal situation, specifically ask to no longer be responsible for the resulting mess. Continue reading “Hell Week (or when your AS/400 goes belly up)”

As I sit here in blustery Boston taking a break from SecureWorld for a bit, I’m actually brought back to some of the talks given at other conferences this year. I’ve been going over some of the recent talks at RSA and Shmoocon covering ICS security and frankly, I’m not as impressed as I thought. Sitting where I do in the industry, I see plenty of cyber and physical risks to the electric utility industry that should be addressed. Waving them off as being less important than squirrels isn’t doing the industry any favors. Now every utility and generation executive gets to wave that article around in the faces of their security team as an excuse to cut their desperately needed budget. Continue reading “The real state of ICS security”

Rolling out new Ubuntu servers in a heavily MS infrastructure is always a pain. PowerBroker Identity Services from Beyond Trust makes like a bit easier by allowing Active Directory-based authentication in a straightforward package. Continue reading “Setting up Active Directory Authentication using PowerBroker Identity Services APT install on Ubuntu 16.04”

2016 has been a year full of breaches and a year full of passwords I’ve had to change.  One resolution I’ve made in 2017 is to get away from using any multi-account passwords combinations, which means I’ve got to go full tilt into a password manager. Continue reading “A quick and easy master password tool”

If the guys a Red Tiger Security wanted to kick my brain into black hat mode – they succeeded!  I’ve just gotten back from a 5-day ‘boot camp’ style SCADA security class hosted by SANS in Houston, TX. Continue reading “My thoughts on my recent SANS SCADA training”

Here’s a quick fix when RIS tells you “the computer does not have enough disk space on the selected partition. Continue reading “Quick Fix for RIS Not Enough Space On Partition Error”