Featured content

They’ve broken into the largest retailers, key government agencies, and major social media companies, stealing tens of millions of credit card numbers, email addresses, and sensitive data. They’re experts at cracking codes, penetrating firewalls, and placing stealthy malware on our most guarded servers. Can the hackers be stopped?

PowerShell is the dominant method of automating tasks and scripting changes for Windows sysadmins. This article covers getting started with some basic PowerShell usage and how to pass optional customization values into scripts.

Let’s face it people, we’re bad at coming up with our own passwords. They’re too short, too obvious, and hackers have gotten very good at breaking them —either by outright guessing or looking up password hashes in large pre-computed tables.

On the Varonis blog, we recently wrote about how CryptoLocker—the malware that encrypts your local files and holds them for a Bitcoin ransom—has better marketing than many companies. However, we thought it would be helpful to also offer some tactical advice for dealing with CryptoLocker using our sysadmin tool of choice: PowerShell.

The ability to administer and maintain up-to-date user lists and groups is critical to the security of an organization.

1. Here’s an interesting perspective from a CTO on why metadata matters.

The CMU CERT team I referred to in my last post also has some interesting analysis on the actual mechanics of these phishing attacks. Based on reviewing their incident database, the CERT team was able to categorize phishing attacks into two broader types: single- versus multi-stage.

In a Kerberos environment, all users get tickets, or more specifically TGTs (Ticketing Granting Tickets). It’s the starting point for gaining access to services—network files, email, apps, etc. In Windows, there’s one user who stands out, the all-powerful domain administrator. They have access to the keys of the kingdom, literally—the Domain Controller on which the Active Directory databases resides. Therefore the TGT for a domain admin is a valuable ticket.

August is always a good time to check up on the dark side. Black Hat had its annual conference earlier this month, and there are always presentations worth looking at. I’ve been writing about Kerberos recently, and while it’s a big improvement over Microsoft’s NLTM, nothing is ever perfect. I came across a presentation that looks more closely at the weaker points of Kerberos.

Over the years, Mitre, the MIT research group, has been analyzing software bugs and missteps that hackers have been able to exploit. Their Common Vulnerabilities and Exposures (CVE) classifications are something of a de-facto standard used for describing the root software causes in an attack. Working with SANS, the Mitre CVE team has come up with a list of the Top 25 Most Dangerous Programming Errors. Below we take a journey through the top five.

The flaws in NTLM I’ve been writing about might lead you to believe that highly-secure authentication in a distributed environment is beyond the reach of mankind. Thankfully, resistance against hackers is not futile. An advanced civilization, MIT researchers in the 1980s to be exact, developed open-source Kerberos authentication software, which has stood the test of time and provides a highly-secure solution.

There’s been a lot of news lately in the health and fitness wearables space. Apple just announced they’re releasing an app, called “Health,” as well as a cloud-based platform “Health Kit”. Somewhat related, Nike recently pulled the plug on its activity tracking Fuelband. The conventional wisdom is that fitness trackers are on the decline, while the wearables market in general —think Google Glass and the upcoming iWatch–is still waiting for its defining moment.