Mid 2014 basic windows client hardening checklist

4 August, 2014 (11:22) | antivirus/spyware, security | No comments

This is the basic list, not anything fancy:

Step 1. Remove crappy software first

Step 2. Add good software second:

Emet 5.0

Secunia PSI 3.0

Some paid antivirus or MS defender. Do not do free antivirus, if you believe the conspiracy theory crap go to another website. You are like the anti vaccine people.

Install MVPS hosts file

Set up backup software – Mozy, something.

Set up file history on an external drive

If the user is smart enough, set up a standard (non-admin) account for daily use and a separate admin account. Remove the ability for the admin account to log in.

Step 3. Learn more advanced stuff.
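Added example, not from the original post: a read-only PowerShell audit that checks the step 2 items above on a Windows 8.1/10 client (standard-user account, EMET present, a registered antivirus, MVPS-style hosts file). It assumes Windows PowerShell 4 or later, the built-in SecurityCenter2 WMI namespace that client editions of Windows expose, and the English column header `SID` in `whoami` output; the function names are my own.

```powershell
# Added example (not the post's own code): read-only audit of the checklist above.
# Assumes Windows PowerShell 4+, a client edition of Windows (root/SecurityCenter2
# exists), and English 'whoami' column headers. Run it as the day-to-day user.

function Test-CurrentUserIsLocalAdmin {
    # True if the logged-on account is in the local Administrators group
    # (well-known SID S-1-5-32-544). Parsing 'whoami /groups' still sees the group
    # when UAC has filtered the token and marked it "used for deny only".
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    return [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })
}

function Get-HostsFileBlockCount {
    # The MVPS hosts file maps ad/malware hostnames to 0.0.0.0. A stock Windows
    # hosts file has no active entries, so a count near zero means the hosts file
    # step has not happened (or something reverted it).
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'))
    $active = Get-Content -Path $Path | Where-Object {
        $_ -match '^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+\S+' -and $_ -notmatch '\slocalhost\s*$'
    }
    return @($active).Count
}

function Get-RegisteredAntivirus {
    # Windows Security Center lists every AV product registered with it,
    # Defender included. Returns an empty array where the namespace is absent.
    try {
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                        -ClassName AntiVirusProduct -ErrorAction Stop
        return @($products | ForEach-Object { $_.displayName })
    } catch {
        return @()
    }
}

function Test-EmetInstalled {
    # Looks for an installed program whose display name starts with "EMET" in the
    # usual Uninstall registry keys (64-bit and 32-bit views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $hit = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
           Where-Object { $_.DisplayName -like 'EMET*' }
    return [bool]$hit
}

function Invoke-ClientHardeningAudit {
    # One object summarising the checks; anything false or empty is a to-do item.
    [pscustomobject]@{
        DailyAccountIsStandardUser = -not (Test-CurrentUserIsLocalAdmin)
        EmetInstalled              = Test-EmetInstalled
        AntivirusRegistered        = (Get-RegisteredAntivirus) -join '; '
        HostsFileBlockEntries      = Get-HostsFileBlockCount
    }
}

Invoke-ClientHardeningAudit | Format-List
```

Run it from the account the person actually uses every day: `DailyAccountIsStandardUser` is the check that matters most, since a UAC-filtered admin still gets prompted into full admin rights by any installer it clicks through. Backup and File History are deliberately left out because there is no single reliable registry switch to read for them.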

Emet 5.0 is out, and there was much rejoicing.

31 July, 2014 (11:44) | antivirus/spyware | No comments

If you know what Emet is, you already use it. So you are happy that 5.0 came out.

If you don’t know what EMET is, download it, try it on a machine with defaults for a while. After you figure out it didn’t break anything, crank it to max security.

If you blame EMET for breaking something, there are 2 possibilities:

1. You visit sketchy places and use really weird software

2. Your machine was owned before you installed.

I have EMET installed on a very large number of systems, we haven’t picked up any noise in the logs. Just real results so far. Great work Emet guys!

My one complaint about emet – if you bing emet 5 and choose the first result, it doesn’t work.

Emet download link bad

Some great tools for your home machine

4 June, 2014 (13:19) | networking, Stupid windows tricks | No comments

DNS Speed test from Steve Gibson –

Run this, figure out which DNS servers are closest and use those.

DON’T use your ISP or computer builder’s DNS.


DNS Speed test. Top ones are faster, shorter bars.

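Added example, not from the original post and not Steve Gibson's DNS Benchmark: a rough resolver latency comparison in PowerShell using `Resolve-DnsName` and `Clear-DnsClientCache` (DnsClient module, Windows 8 / Server 2012 and later). It measures your currently configured resolvers against any candidates you pass in. The function name, the probe hostnames and the candidate `8.8.8.8` (Google's public resolver) are my own choices, not the post's.

```powershell
# Added example (not the post's own code). Assumes the DnsClient module
# (Windows 8+). Probe names and the candidate resolver list are placeholders.

function Measure-ResolverLatency {
    param(
        [Parameter(Mandatory)][string[]]$Server,
        [string[]]$Name = @('example.com', 'example.net', 'example.org'),
        [int]$Rounds = 3
    )
    foreach ($s in $Server) {
        $samples = foreach ($round in 1..$Rounds) {
            # Flush the local cache so each round really goes out to the resolver
            Clear-DnsClientCache
            foreach ($n in $Name) {
                try {
                    # -DnsOnly keeps LLMNR/NetBIOS fallback out of the timing
                    $t = Measure-Command {
                        Resolve-DnsName -Name $n -Server $s -Type A -DnsOnly -ErrorAction Stop | Out-Null
                    }
                    $t.TotalMilliseconds
                } catch {
                    $null   # timeout or SERVFAIL counts as a failed query
                }
            }
        }
        $ok = @($samples | Where-Object { $_ -ne $null })
        [pscustomobject]@{
            Server  = $s
            Queries = $Rounds * $Name.Count
            Failed  = $Rounds * $Name.Count - $ok.Count
            AvgMs   = if ($ok.Count) { [math]::Round(($ok | Measure-Object -Average).Average, 1) } else { $null }
            MaxMs   = if ($ok.Count) { [math]::Round(($ok | Measure-Object -Maximum).Maximum, 1) } else { $null }
        }
    }
}

# The resolvers the machine is using right now (usually the ISP's or the router's)
$current = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Sort-Object -Unique

# Compare them against a candidate; add whatever else you are considering to the list
Measure-ResolverLatency -Server (@($current) + '8.8.8.8') |
    Sort-Object AvgMs | Format-Table -AutoSize
```

Lowest `AvgMs` with zero `Failed` is the one to keep, which is the same reading the post describes for the shorter bars. Run it a couple of times at different hours before committing, since a resolver that is fast at lunchtime can be the slow one in the evening.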
If you don’t have a password manager, please install lastpass and get to work

Dell kbox exploit is out in the wild and probably being hammered on

12 March, 2014 (00:26) | antivirus/spyware, linux, security | No comments

It looks like the Dell Kace folks could use a talking to from the Dell Secureworks folks.

My recommendation (changed 3-12 after taking the time to look at the source code):

1. Disable ports 80 and 443 in a manner you choose

2. Instruct users to submit tickets using email and respond with email

3. Wait for the patch, install it with some very careful firewall rules in place and get back to work

Got this email from Dell a little while ago:

Dear KACE user,

We have identified a security vulnerability in the Dell KACE K1000 Appliance that needs to be addressed immediately.

Dell acknowledges the vulnerabilities detailed at and

Dell will be addressing all of these issues in a hotfix for v5.4 SP1, v5.5 and in future releases of the K1000.

In the meantime, Dell recommends that K1000 customers take the following steps to reduce the risks associated with these issues. Firstly, all customers with KACE K1000 appliances that are exposed to the Internet should shut down all inbound ports and ensure that the K1000 is not accessible from the Internet. Secondly, all customers should update to the latest available K1000 release, v5.5 that includes a variety of security improvements over prior releases. Lastly, customers should apply the hotfix when it becomes available.

Information on Dell KACE hotfixes can be found at:

KACE support

Who is What are they doing here?

2 January, 2014 (16:02) | antivirus/spyware, blogging, Monitoring, security | 2 comments

A few friends with wordpress pages have asked about this company lately. You might have seen something like this on your jetpack stats

I keep running into the theme of SEO and brand management companies this week. I suspect they are part of one or a tool used by one. Overall I’m not worried until I see that they are gaming my site somehow. If you find the traffic from this company disconcerting, you might have bigger fish to fry. There are thousands of hits per day on your server trying to break into your wordpress site. If you want to see those logs without learning apache or OSSEC, install something like WPsecurity and learn to read the logs. Or BPS security. If you are going to start tinkering with these tools for the first time, PLEASE make sure you know how to do a backup and restore of your page first.

I posted in the comments over on an archaeologist’s blog; hopefully I make it past her spam filter so I can see what I wrote. More detail there.

Additionally, I ran a few scans, no malware detected from the site, it actually has a clean rep. They are not listed on spamhaus, here is the link for Cisco’s reputation check – – nothing to see there with any of the major blacklists. These people are a tiny blip. No google rank to speak of.


BAA scramble of 2013 update

2 January, 2014 (00:32) | security | No comments

Google caved in October and started offering a BAA for google apps but it comes with some catches. You have to turn off sites, groups, and a few other services outside their list in order for them to honor the BAA. My attorney does not like the BAA, I am waiting to find out if he is going to let me post his exact concerns. I have my own, but I am not a lawyer.

Microsoft Office 365 has the strongest BAA, but we do have a few small issues with it. They are non-negotiable so we are stuck with it.

Logmein still has no idea what I am talking about so we are almost done dumping them.

To recap, this is for the HITECH Omnibus passed in Jan last year which is now in effect. If you deal with patient records, you have to have a BAA with anyone who touches them. Backups, antivirus, iTunes syncing, heh good luck with apple, they say no.


The ars technica badbios hoax of 2013

31 October, 2013 (17:10) | antivirus/spyware, blogging, complaining, prediction, security | No comments

My boss sent this about an hour ago, it was good for a laugh on a few fronts. If you are smrt, you know why otherwise enjoy your imagination for the day. Happy h day!

Ok so if you are having problems firing up your thinker and moving away from this lonely corner of the web, imagine if you stumbled on a new top secret weapon in your basement that nobody in the world had access to. I think I would pick it apart with my haxor skills for say 3 years on my own while wearing a special hat. A pretty hat with a nice texture. Especially if it looked like more advanced life forms built it, the hat not the secret weapon. I wouldn’t use a team or anything. I’d be all like “Hey twitter” I’m awesome cause I’m poking an 80 teraton alien grenade with a hammer and custom made ramen noodle fork. All Rambo up in that shit and then I would be a hero to so many hot chicks. Blue ones. Because I showed that I was pwnd by some secret alien crap even though I’m supposed to be the best security dude on planet earth. That makes chicks dig you. Blue ones.

Ok for the non creative – You might end up dead in a ‘car accident’ after you post something inventive, dangerous and game changing to the espionage world on twitter. Or be on the run to say Taiwan, Russia then Venezuela on an SU-160. (had to put a joke in there) There might be a hundred countries worth of intelligence services who are willing to take the hardware off your hands for a free ride to alienland. Especially while only one website has you on a place near the headline. Man why are nerds so practical? I’m going back to the fun of the 1 source unconfirmed incredibly difficult problems solved, integrated, automated, updated, 3 year old, never leaked, crackpot dreamland for the rest of the holiday. It’s full of giggles. And scaaaAAAAry ghosts. And Cher. Yikes! I think she sings to me at 35KHz through the speakers of a freakin mac air. Has a brilliant timing correction algorithm using the dual microphones for side lobe suppression. Oh wait, they didn’t have 2 mics. Must not be Cher, I meant Yoko and her magick.

This is funny and somewhat related. The story I read in the Wall ST journal today about the number of users Aereo has is not accurate unless it is a lucky guess. Reporters need to check facts, do homework and use some common sense. You know be reporters instead of teenage gossips? –

Check this girl’s twitter feed. They counted the number of boxes with blinking lights, multiplied by the capacity of the box as given by the owner and published a BS number of user subscriptions. Then boasted about using 3rd grade math skills in order to make this technical assessment. I need the wall st journal to look at a few of our less busy servers:

Capacity: over 20000 users per hour. 4 servers. WSJ estimate 80,000 users per hour. Given the number of visits with an average of 30 min a day and a subscription rate of over $500 a month I would be incredibly wealthy. But I’m not. We don’t have that many users on that cluster. I could have 2 and those servers look the same. It may turn out 75% of my customers pay and never connect to make me turn all of them on. They did only have two users about six years ago. Wait a minute they had the same damn number of blinking lights. I feel like the WSJ is just sticking a stick in an angry stick machine now.

I might be full of crap, but I talk on a website with no traffic that I pay to build and maintain. A whisper in a dark alley on the web. A blinding light like The Wall Street Journal should be ashamed.

BTW, in the comments where the nerds are wet dreaming about the alien tech, where are the mac people saying “macs don’t get virus”? Something new and different. Maybe a sign of how gullible they are?

The best summary of facebook games I have read in a while

14 June, 2013 (07:31) | games, How to | No comments

This comes to us from an old friend who is one of the best linux admins I have ever met. Very smart guy, his analysis of the typical flash game model is right on and a little entertaining to read:

summary of all click games given so you don’t have to play

Independent Simplisafe review coming soon, those guys are SEO assholes

9 May, 2013 (16:18) | home security, security | 1 comment

simplisafe install box

Oh dear, this looks like work.

Update – I posted a full review after 7 months of use –

Maybe I should have an alternate title, “ADT sucks donkeys.” I dropped about $800 on Simplisafe to see if their security system works as well as the reviews seem to indicate. The problem with Simplisafe is that their SEO is SO good, you don’t know if you are finding real info or one of their marketing tribe schlepping the same crap. If you google Simplisafe, all of the search results are the product of Simplisafe paving the internet with yellow bricks to their house. I will build my own independent review free of any Simplisafe shackles. Their hardware is here, I think the worst they can do to me is turn off my cell and refuse to give me service. If I can make it to the 8th google page of results for a simplisafe search I will consider my effort worthwhile. It may be a warning sign that Simplisafe started working search results so hard, or could be a symptom of winning a battle with an established ADT presence. I don’t know.

Overall the concept is neat. The founder of Simplisafe decides ADT sucks and starts a new company. I agree, we use ADT at work and fight with them every time we need something done. I had to drive to the ADT office to demand service in person twice, despite paying gobs of money as a company vs private individual. The contracts are horrible and ADT doesn’t appreciate you redlining the contract and sending it back like you would for any normal business transaction.

ADT likes to ask you to indemnify them from key tasks like failing to provide security monitoring services. If you haven’t dealt with indemnification clauses, ADT wants you the customer to provide legal counsel on their behalf in case you need to sue them for failing to do their job. So if you sue ADT, you already signed a contract saying you will pay for ADT’s legal defense against you. Twisted eh? Read your cell phone bill, an iTunes EULA and you will be welcomed into a whole new world of dishonorable conduct.

ADT sales people LIE. I’ll say it again. ADT sales people LIE. We tried to get them to put a lot on paper. They either refused or delayed. Over and over. Many of the promises made never materialized. We asked for a document saying they would cover 3 false alarms per year. They did not. We asked for a document saying they would do a free install if we changed locations. They did not. I don’t remember the other questions we had for them but I’m sure I have plenty stored away in email.

If I understand correctly, these are franchise type deals, so any ADT contractor could be a bad apple out of their control. A few google searches will show you one of two things. Buyer beware doesn’t mean anything to consumers anymore in a litigious society, or ADT really just has problems as shown by a B+ BBB rating and many losses in court. I have a feeling there is a mix of the two because consumers do suck at reading the contracts they agree to. My main issue with ADT is cost.

On ADT’s side, once you get the service set up, all the bugs worked out, all the extra over the top money paid, it works ok. We don’t have false alarms often anymore. The interface to program users sucks, is outdated and shows the company would be dead if it were a computer company. But it works. We get calls when the power goes out at the office and when someone can’t remember their code and walks in. After we had the service for a few years and worked out the kinks I would say ADT is good but too expensive for a low tech low cost service. I would not ever want to go through the initial woes with ADT again. They are almost as bad as ip5280 for phones.

If simplisafe can get me out from under the thumb of ADT in my new home, and puts the installation/placement decisions on my shoulders I think that is cool. I know I can set the hardware out in a reasonable pattern with logical choke points, flood risks etc. As long as they can provide the monitoring without fail, I can keep the false positives to an absolute minimum. Their hardware needs to work near the level of ADT hardware.

My Simplisafe box arrived today. There are 25 components and I have very little time to install. Maybe this weekend I can begin. For now I’ll just look at it and wonder how much trouble I signed up for. I started to read the Simplisafe terms and conditions, I’ll hit that a few times and let you know if there are any red flags. Right now the return policy looks great so we can go back to ADT if we need to.

Microsoft Management Summit begins today in Vegas. Already spotted a hooker.

7 April, 2013 (22:39) | Monitoring, OS | No comments

Well we are out at the Four Seasons hotel waiting for the MMS to start. Got registered today, the swag was ok. Nice laptop bag compared to normal, a pen, notebook, not much else. I have to give the little lady some raver light to wear at the party on Thursday. The sessions tonight looked lame, I’ll start up the real ones tomorrow. Here is my first test with the latest version of Photosynth, haven’t touched it much since an early version in 2007:
