7 min
Haxmas
12 Days of HaXmas: What Home Alone Can Teach About Active Defense
This post is the fourth in the series, "The 12 Days of HaXmas."
As you venture from the world of defense, including protecting and monitoring
systems, into the realm of active defense, who can be your mentor? Who can make
you as cool as Frosty?
Does anyone know enough about active defense to make a movie out of it?
OF COURSE!
Macaulay Culkin is the mentor you are looking for. More precisely, Kevin
McCallister [http://www.imdb.com/character/ch0004114/?ref_=tt_cl_t1], from the
Home Alone fra
12 min
Apple
Reduced Annoyances and Increased Security on iOS 9: A Win Win!
Introduction
Early this year, I posted an article [/2015/02/26/the-gif-guide-to-ios-security]
on iOS Hardening that used animated GIFs to explain most of the recommended
settings.
Since then, iOS 9 was released, bringing along many new features
[http://www.apple.com/ca/ios/whats-new/], including better support for
Two-Factor Authentication, as iMessage and FaceTime now work without the need
for app-specific passwords, and as your trusted devices now automatically get
trusted when you authentic
4 min
Microsoft
Microsoft Attack Surface Analyzer (ASA): It's for defenders too!
Attack Surface Analyzer
[http://www.microsoft.com/en-us/download/details.aspx?id=24487], a tool made by
Microsoft and recommended in their Security Development Lifecycle Design Phase
[http://www.microsoft.com/en-us/sdl/default.aspx], is meant primarily for
software developers to understand the additional attack surface
[https://www.rapid7.com/fundamentals/attack-surface/] their products add to
Windows systems.
As defenders, this tool can be very useful.
The tool is meant to identify changes on
2 min
Are you really protected against Group Policy Bypass and Remote Code Execution? MS15-011 & MS15-014
In February, Microsoft published two hotfixes to address issues with Group
Policies.
* Microsoft Security Bulletin MS15-011 - Critical
[https://technet.microsoft.com/en-us/library/security/ms15-011]
* Microsoft Security Bulletin MS15-014 - Important
[https://technet.microsoft.com/en-us/library/security/ms15-014]
Together, these patches address the following issues:
* CVE-2015-0008 MS15-011: Vulnerability in Group Policy Could Allow Remote
Code
Execution (3000483) | Rapid7
[h
5 min
Apple
Top 10 list of iOS Security Configuration GIFs you can send your friends and relatives
Easily share these animated iOS Security tips with friends and relatives!
While iOS is generally considered to be quite secure, a few configuration items
can improve its security.
Some changes have very little functionality impact, while others are more
visible but probably only needed in specific environments.
This guide contains some of the most important, obvious ones, and contains a GIF
for each configuration step to be taken.
If you already know everything about iOS security, use this a