-
Data Security
Feb 26, 2015
Windows 10’s Security Reboot, Part I: Authentication
There’s incredible excitement about the Windows 10 release. If you completely quantum leap over Windows 9, you’d expect big things. In December, I was talking with NYU-Poly’s Professor Justin Cappos. He’s a security expert and had nothing but high praise for Microsoft’s security group. But he added their cutting-edge research doesn’t necessarily make it into their products.
Michael Buckbee
2 min read
-
Data Security
Feb 13, 2015
How to Detect and Clean CryptoLocker Infections
CryptoLocker is by now a well known piece of malware that can be especially damaging for any data-driven organization. Once the code has been executed, it encrypts files on desktops and network shares and “holds them for ransom”, prompting any user that tries to open the file to pay a fee to decrypt them. For this reason, CryptoLocker and its variants have come to be known as “ransomware.”
David Gibson
4 min read
-
Data Security
Feb 11, 2015
Someone Deleted My File. How Can I Find Out Who?
If you’ve ever been tasked with recovering a lost file or folder and had to explain exactly what happened (Who moved or deleted it? When did it happen? Why?), you know how annoyingly time-consuming it can be. And sometimes you simply don’t have any good answers. All you can do is restore from backup.
Michael Buckbee
1 min read
-
Data Security
Feb 05, 2015
Going Back To SQL Server 2008 In Order To Move Ahead
Last year, Microsoft ended its support for SQL 2008/R2. Customers with an enterprise agreement are still supported, but it’s a good idea to start planning your upgrade. Upgrading your production SQL Servers without a detailed plan of attack can be risky and result in a messy, time-consuming weekend (or two).
Michael Buckbee
2 min read
-
Data Security
Feb 02, 2015
PCI DSS Explained: Our New White Paper Decodes the Complexity
The Payment Card Industry Data Security Standard (PCI DSS) is not just another list of requirements for protecting data. In 2013, the number of credit and debit card transactions worldwide reached over 100 billion—that’s lots of swipes and 16-digit numbers entered! With its almost 300 controls, PCI DSS provides the rules of the road for protecting and securing credit card data for every bank, retailer, or ecommerce site.
David Gibson
1 min read
-
Data Security
Jan 14, 2015
The Journey to File Permission Perfection
More devices than ever. More platforms to choose from. An expanding universe of data choices that can be both exciting and confusing at the same time. Tablets, phablets, laptops, iOS, Android, Windows, UNIX/Linux file servers, and NAS devices. Add SharePoint, Dropbox, Google Drive, and LinkedIn to the mix. These are all awesome platforms for allowing businesses, organizations, and individuals to connect and collaborate on documents and projects through portals.
Michael Buckbee
6 min read
-
Data Security
Jan 06, 2015
Interview With NYU-Poly’s Professor Justin Cappos: Security Lessons From Retail Breaches
I had the chance to talk with cyber security expert Justin Cappos last month about the recent breaches in the retail sector. Cappos is an Assistant Professor of Computer Science at NYU Polytechnic School of Engineering. He’s well known for his work on Stork, a software installation utility for cloud environments.
Michael Buckbee
7 min read
-
Data Security
Dec 29, 2015
Microsoft Fixes A Kerberos Silver Ticket Vulnerability
Note: This post has created a bit of controversy among the security illuminati! A post on Still Passing the Hash Blog 15 Years Later explains the issues. I think a large part of their argument is that I’m saying vulnerabilities related to Silver Tickets are now once and for all resolved by Microsoft. Yes, I should have been a little clearer in this post but I’m referring to a very specific scenario. For those who live and breathe ticket-based attacks — my apologies. I’ve adjusted the title to reflect this. I’ve reached out to the author of the post to explain more about the specific attack I’m referring to. I’m hoping to relay back his deep knowledge as soon as possible.
Michael Buckbee
4 min read
-
Data Security
Nov 24, 2014
Are You Smarter Than a Hacker? [CONTEST]
They’ve broken into the largest retailers, key government agencies, and major social media companies, stealing tens of millions of credit card numbers, email addresses, and sensitive data. They’re experts at cracking codes, penetrating firewalls, and placing stealthy malware on our most guarded servers. Can the hackers be stopped?
Michael Buckbee
3 min read
-
Data Security
Nov 17, 2014
Getting Started with PowerShell Option Inputs
PowerShell is the dominant method of automating tasks and scripting changes for Windows sysadmins. This article covers getting started with some basic PowerShell usage and how to pass optional customization values into scripts.
Michael Buckbee
1 min read
-
Data Security
Nov 12, 2014
How to Be Your Own Best Password Generator
Let’s face it people, we’re bad at coming up with our own passwords. They’re too short, too obvious, and hackers have gotten very good at breaking them —either by outright guessing or looking up password hashes in large pre-computed tables.
Michael Buckbee
2 min read
-
Data Security
Sep 19, 2014
What You May Have Missed
1. Here’s an interesting perspective from a CTO on why metadata matters.
Michael Buckbee
1 min read
SECURITY STACK NEWSLETTER
Ready to see the #1 Data Security Platform in action?
Ready to see the #1 Data Security Platform in action?
“I was amazed by how quickly Varonis was able to classify data and uncover potential data exposures during the free assessment. It was truly eye-opening.”
Michael Smith, CISO, HKS
"What I like about Varonis is that they come from a data-centric place. Other products protect the infrastructure, but they do nothing to protect your most precious commodity — your data."
Deborah Haworth, Director of Information Security, Penguin Random House
“Varonis’ support is unprecedented, and their team continues to evolve and improve their products to align with the rapid pace of industry evolution.”
Al Faella, CTO, Prospect Capital