My Echo Requests

Just when you thought I had gone and left you.....

Dell hit hard..Urgent Security risks…HUNDREDS OF MILLIONS systems affected

It’s been awhile since I’ve posted anything from my line of work – but this one is pretty large and I just wanted to give my friends a heads up. Dell has a driver that can be used by anyone that has access to your laptop, workstation, server etc…to gain admin rights to your system from a simple standard user account. They are working on and just released a new firmware update utility to mitigate this risk.

I urge anyone to make sure you apply updates – I would start by reading and following the Dell announcment:

https://www.dell.com/support/kbdoc/en-in/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

Want to geek out and see who found it and more – follow:

and:

https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html

The Kaiser’s Pumpkin Carve Off!

First I would like to thank everyone for their participation and for asking us to take a look and judge such a wonderful bunch of contestants! DANG…You guys were all so Good!…(or baaaad…? What’s the cool thing these days?..Phat!? Tubular?) <grin>

Anyhow – This is in no particular order – but we lucked out having a ball last night while trick or treaters came to our house looking for some tricks! (and treats)….Sorry we were so late in getting this up and around – but without further ….wa…it…..

Our first contestant –

Continue reading

Geo-Fencing and Remote Security amidst the COVID-19 Pandemic

As I’m watching more and more of my co-workers send out WFH (Work from Home) emails…as I see more and more users of Webex and other forms of remote connectivity and sharing … my spidey senses start tingling.

Most companies have some form of remote management software deployed for their traveling brethren – but many of them haven’t prepared for full out war and suddenly having thousands of workers coming in remote. This will certainly challenger the network and security teams globally! What about those BYOD guys…no company offered laptops so they are surfing on in from their 2003 bought IBM laptop running XP with no support and protection. Do you have a plan for them? Maybe spinning up remote workstations so the work is done locally and not from their old XP or Windows 7 computers?

What about Geo-Fencing? Do you see all those hundreds of thousands connections looking for a handshake!? Now they are increasingly important to the vital success (or failure) to your business!? Do you know if you do business in Brazil? Do you have people there? Russia? Do you allow remote connections from Geo-Locations that you do not have offices? Maybe it’s time to tighten your defenses and start looking from the outside in again!? Everyone gave up on the boarder…everyone went to the cloud cause they thought it was safer. Was it? Can you see who’s trying to connect to your cloud? Are they your actual remote workers that are forced home or just some generic Taiwan hacker sitting under the radar of 50,000 connection attempts.. because you are overwhelmed at desktop support calls from vpn users that can’t connect? Do you allow remote resources to connect from public Wi-Fi networks? Did you think your help-desk would collapse? *frightening*

How about general physical security – where are your workers really working from? Can someone else see what they are doing? Have you had a proper security education program so your people know about shoulder surfing? Maybe they walked up to the Starbucks counter leaving that laptop behind – unlocked – while remoted into a customer site and updating a dat file for some ancient anti-virus client. Do they know to lock their screen? padlock their laptops? Do you have hard drive full encryption for your mobile workforce? Who’s DNS servers are they using…yours or unknown? Breath..not going to panic…well, maybe a lil?

Phishing attacks have increased for sure – even offering a cure for the virus! We are seeing no release or suspensions of compliance rules so you can bet there will be fines for mishandled sensitive information leaving your networks – are you sure you’re watching your Data Loss tools now? Everyone is connecting from home…you know what they are reading or editing? Did they move it to USB yet? Print out that form of HR birthdays and payroll entries to create happy birthday emails for employees while working from home?

Sure feels like a good time to remember how well a zero-trust network works. If you’ve been doing it all along, you know what you’re looking at. You know what you’ve allowed and only that is what is getting in. You can handle the one off’s that come in because they had to travel to X country and need to VPN in…Create that small group on a time scale of allowed access. etc etc..

My mind just started spinning and I didn’t have a place to vent it so I used this page randomly. Facebook friends just see me as paranoid security guy – Linked in people think I’m trying to get a job or impress odd views. Honestly I’m most likely just thinking outside about all the thoughts in my own head and making sure I, myself, have cross all my T’s and dotted all my i’s…. 🙂

Happy hunting!

January 14, 2019…WIN7 – ONE YEAR TO GO..

Windows 7 – The Final shutdown…

Mainstream support for Windows 7 stopped in January 2015, but users have continued to receive security fixes and patches for known issues as part of Microsoft’s extended support, which runs for five years. However, that’s due to come to an end on January 14 2020, exactly one year from today.

So honestly – I’m still a Windows 7 user and have fought the push to Win 10 for a good long time but the battle is about over. We all have to give in or move to another OS (MacOS, Linux, *BSD, etc)…and everyone knows Windows will win that again.

What’s more scary is the number of Corporate entities that still run this O/S – I’m typing this right now from a major corporate laptop that’s Win7. IF they want to keep this machine thru it’s lease, they can pay for EXTENDED support – and it will probably cost my company up to $1,000,000.00 PER YEAR to continue using it. A MILLION DOLLARS? And they funny part is…MANY will opt for that option rather than migrate.

Anyhow – this is your friendly reminder from your Security guy – Just make the jump…any direction but none. Have fun!

Testing new features…

This is the paragraph function and I can put links like https://www.bluebonnetmobilenotary.com here and see what they do. I’m not liking the simplicity yet so maybe I need more time with this.

hacking away on this new editor

Question: Ass gaskets – who all uses them?

Question: Eating in the office – how many of you know people that eat with their freakin mouth open and have to leave your own office to get away from it? lmao not saying anything…just sayin’….<grin>

Italy notes?

So I got a passport and work is sending me to Italy.  I may turn this blog into a little story about this trip if I can remember I actually have a blog.  This way I can post pictures and then just give a link over to my facebook friends and family without 3 million posts to FB.  🙂  So look out to the 3 users that randomly land on this website a year…prepare to be inundated.

UPDATE: Yep – I forgot again…actually it was more of the fact that I could not upload pictures due to my cell phone barely working there.

so: http://www.echorequest.com/fotos/index.php?/category/107  <—pictures!

Bitter sweet…

Today marks the end of an era for me…just shy of 19 years at my current company.  Today is the last full day at work…leading to a new chapter in my life …in a new strange location with a new wonderful employer and all new things.  I don’t know what the future holds and I can only hope it’s as awesome as my aspirations in my head want it to be!

I do know that I’m going to miss a lot of people here in Tulsa, Oklahoma as I venture down to Austin, Texas.  I also know I’m not that far away and apparently a lot of people want to visit Austin often….so Hey…look me up!  hahaha.

A few people have figured out from my email address that I passed around in my signature file that this is my personal website.  Maybe un-noticed is the fact that I rarely update it….been a LOOOONG while.  Well, I will try to do a little better with that and do things up differently so if anyone wants to know what’s going on in Waynes World….err…uhm, My World – just stay tuned and I’ll try to keep the excitement level and an easy 40something yr old pace.  🙂

Love ya guys…talk again soon!

« Older posts

© 2024 My Echo Requests

Theme by Anders NorenUp ↑