• Moving from Linux to Windows

    I know, that's the second time I'm doing this comparison thingy, and I promise that I will stop again and deliver you a cool tool as the next post. But I read this article: Why I've finally had it with my Linux server and I'm moving back to Windows. Be sure that you read the comments; to me they are more interesting than the article itself.
    Roger

  • Cybersecurity–More than a good headline

    A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is that the latest headline shapes the strategy and the themes to be addressed more than any structure or plan does.

    This made us think about what is needed to run a successful Cybersecurity agenda within a country: which themes ought to be addressed, and in which form.

    We came up with a fairly simple model:

    [image: the Cybersecurity Agenda model]

    To explain the model, we have just published two papers about it:

    In parallel we are working on a book about this, giving many more examples and much more background, so stay tuned.

    The only thing I really know: When I do a presentation explaining Cybersecurity and at the end show the slide above, governments love it. Typically they approach me asking for the deck – if they are not politically correct they tell me that they just want to get this slide.

    Comments are very welcome. If you need/want further information, get in touch with me. Happy to help

    Roger

  • EMET–Protection Against Zero-Days

    The Enhanced Mitigation Experience Toolkit (EMET) is definitely not new, but I recently realized that not too many people know about it, and they should. EMET applies exploit mitigations such as DEP, mandatory ASLR, SEHOP, null-page and heap-spray pre-allocation to the processes you choose, which raises the bar against zero-days and exploits in the wild even while the vulnerability itself is still unpatched. I do not say that it is a silver bullet, but it is definitely going in this direction, a little bit.

    You can find all the necessary information on EMET here:

    Before you start, please make sure that you have your BitLocker recovery key ready (you are running BitLocker, aren't you?) or that you suspend BitLocker for the time of the configuration. EMET's system-wide settings can change the Data Execution Prevention policy, which is stored in the boot configuration data. The TPM measures that configuration at boot, so changing it invalidates the measurements BitLocker sealed its key to, and the machine drops into recovery on the next boot.

    I always love to strengthen my policies and see when something breaks, and how. I started to use it, and it provides a fairly straightforward interface showing what is running and in which state:

    [image: EMET main window]

    You can then configure your applications and define on which level you want them to be protected. It might then happen that this pops up:

    [image]

    I won't tell you which application it was, but I was a little bit scared...

    Anyway, if you have not used it yet, I think you should!

    Roger
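    The safe sequence described above (suspend BitLocker, make the EMET change, re-enable BitLocker), as an added PowerShell example that is not part of the original post. It assumes EMET 2.x installed in its default path, C: as the BitLocker-protected OS volume, and an elevated prompt; the Adobe Reader path is an assumption for illustration. EMET's system-wide DEP setting is stored as the BCD `nx` option, so the example shows that change through `bcdedit` to make the BitLocker impact visible:

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumptions: EMET 2.x at the default install path, C: is the BitLocker OS volume.
$EmetConf = 'C:\Program Files (x86)\EMET\EMET_Conf.exe'   # assumed install path
$OsDrive  = 'C:'                                          # assumed OS volume

function Get-DepPolicy {
    # The system-wide DEP policy lives in the boot configuration data (BCD).
    # bcdedit prints a line such as "nx   OptIn" when an explicit value is set;
    # without one, Windows client defaults to OptIn.
    $line = bcdedit /enum '{current}' | Select-String -Pattern '^nx\s+(\S+)'
    if ($line) { $line.Matches[0].Groups[1].Value } else { 'OptIn (default, not set)' }
}

function Test-BitLockerOn {
    param([Parameter(Mandatory)][string]$Drive)
    # manage-bde -status reports "Protection Status: Protection On" for a protected volume
    $status = manage-bde -status $Drive
    return [bool]($status | Select-String -Pattern 'Protection Status:\s+Protection On')
}

function Invoke-WithBitLockerSuspended {
    # Runs $Change with BitLocker protectors on the OS volume disabled, then re-enables
    # them, so a modified BCD is measured with protection already resumed and no
    # recovery prompt appears at the next boot.
    param([Parameter(Mandatory)][scriptblock]$Change)

    Write-Host "DEP policy before: $(Get-DepPolicy)"

    $suspended = $false
    if (Test-BitLockerOn $OsDrive) {
        manage-bde -protectors -disable $OsDrive | Out-Null
        $suspended = $true
        Write-Host "BitLocker protectors on $OsDrive suspended for the duration of the change."
    }

    try {
        & $Change
    }
    finally {
        # Always resume, even if the change failed; a clear-key volume is not protected.
        if ($suspended) {
            manage-bde -protectors -enable $OsDrive | Out-Null
            Write-Host "BitLocker protectors on $OsDrive re-enabled."
        }
    }

    Write-Host "DEP policy after:  $(Get-DepPolicy)"
}

if (-not (Test-Path $EmetConf)) { throw "EMET_Conf.exe not found at $EmetConf (adjust the assumed path)" }

# 1. System-wide DEP AlwaysOn, the value EMET's "maximum security" system profile
#    selects, shown here through the BCD option it writes. This is the change that
#    would otherwise trip BitLocker recovery.
Invoke-WithBitLockerSuspended { bcdedit /set '{current}' nx AlwaysOn }

# 2. Per-application mitigations; in EMET 2.x, --set with no mitigation list enables
#    all application mitigations for that executable (check EMET_Conf --help on your
#    version). The Reader path is an assumption for illustration.
$reader = 'C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe'
if (Test-Path $reader) {
    Invoke-WithBitLockerSuspended { & $EmetConf --set "$reader" }
}

# Show the resulting per-application configuration
& $EmetConf --list
```

DEP AlwaysOn applies to every process on the box, including those that legitimately generate code at run time, so test it on a non-production machine first; the per-application route is the one that lets you find out which application breaks, and how, before you commit the whole system to it.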

  • Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response

    A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good and interesting tool for a lot of problems, one of them being incident response. I just stumbled across an article describing this: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response.

    An overview of DaRT can be found here. To pre-empt rants and questions: DaRT is part of the Microsoft Desktop Optimization Pack (MDOP) and cannot be downloaded from our website.

    Roger

  • Hackers using QR Codes to Push Malware

    Always something new... As these kinds of codes are mainly (or only) used on mobile phones, the malware targets smartphones "only", in this case Android: Hackers using QR codes to push Android malware. If you scan a code such as this one (source: the ZDNet article referenced):

    you will be redirected to a website hosting the malware.

    How often do you use these codes? I have been using the tag below for quite a while and get quite a few click-throughs, but personally I do not use them too often.

    [image: the author's tag]

    Anyway: another attack vector to trick users into doing something they do not want to do.

    Roger
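    The practical countermeasure to the attack described above is to look at what a code decodes to before acting on it, since the scanner otherwise hands the redirect chain straight to the browser. Below is an added PowerShell example, not part of the original post, that triages a decoded QR payload for the properties that hide a destination (shortener, embedded user@ prefix, IP-literal host, direct Android package, non-web scheme). The shortener list and the sample payloads are constructed for illustration and are not indicators from any real campaign:

```powershell
# Added example, not from the original post: triage a decoded QR payload before
# opening it. The shortener list is an assumed starting point; extend it for your
# environment.
$KnownShorteners = @('bit.ly', 'goo.gl', 'tinyurl.com', 't.co', 'is.gd')

function Test-QrPayload {
    param([Parameter(Mandatory)][string]$Payload)

    $flags = New-Object System.Collections.Generic.List[string]
    $uri = $null
    # Anything that does not parse as an absolute URI (plain text, vCard, etc.)
    # cannot be followed and is reported as text.
    if (-not [System.Uri]::TryCreate($Payload, [System.UriKind]::Absolute, [ref]$uri)) {
        return [pscustomobject]@{ Payload = $Payload; Kind = 'text'; Host = ''; Flags = @() }
    }

    # Scheme: only http/https are ordinary web links; market:// opens the store,
    # anything else (wifi:, tel:, sms:, custom app schemes) hands control to another app.
    switch -Regex ($uri.Scheme) {
        '^https?$' { }
        '^market$' { $flags.Add('opens the app store directly') }
        default    { $flags.Add("non-web scheme '$($uri.Scheme)'") }
    }
    if ($uri.Scheme -eq 'http') { $flags.Add('cleartext http, content can be swapped in transit') }

    # http://trusted.example@203.0.113.5/ shows the trusted name first; the real host
    # is what follows the @.
    if ($uri.UserInfo) { $flags.Add("user@ prefix '$($uri.UserInfo)' hides the real host") }

    if ($uri.HostNameType -eq [System.UriHostNameType]::IPv4 -or
        $uri.HostNameType -eq [System.UriHostNameType]::IPv6) {
        $flags.Add('IP-literal host, no domain to reason about')
    }

    # A shortener is exactly the redirect step the attack relies on: the scanner
    # shows one host, the browser lands on another.
    if ($KnownShorteners -contains $uri.Host.ToLower()) {
        $flags.Add('URL shortener: destination hidden behind a redirect')
    }

    if ($uri.AbsolutePath -match '\.apk$') { $flags.Add('direct Android package download') }

    [pscustomobject]@{
        Payload = $Payload
        Kind    = 'url'
        Host    = $uri.Host
        Flags   = $flags.ToArray()
    }
}

# Constructed sample payloads (example.com and 198.51.100.0/24 are reserved for documentation)
@(
    'https://www.example.com/menu',
    'http://bit.ly/xxxxxxx',
    'http://www.example.com@198.51.100.7/update.apk',
    'market://details?id=com.example.app',
    'WIFI:S:CoffeeShop;T:WPA;P:secret;;'
) | ForEach-Object { Test-QrPayload -Payload $_ } |
    Select-Object Payload, Kind, Host, @{ n = 'Flags'; e = { $_.Flags -join '; ' } } |
    Format-Table -AutoSize -Wrap
```

Only the first sample comes back with an empty flag list; the shortener, the `user@` trick in front of an IP address serving an `.apk`, and the non-web schemes are each called out, which is the information a user needs before deciding to tap through.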