Let's try another one: I use an exploit (or even just VBA automation) in Word
to password protect all your files. You need to pay me to get them back (or
maybe I don't care whether you get them back, I just like inflicting pain - aka
like most mass market viruses)
Does whitelisting address this
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, 17 April 2012 2:57 AM
To: NT System Admin Issues
Subject: Re: Whitelisting
>>> Whitelisting helps those who help themselves (corporately or individually).
>>> Think of it as evolution in action.
>>
>>Th
SCVMM 2008 has limitations on what it can manage - so you'll still be breaking
out the VMware tools to manage your VMWare side. Dunno about SCVMM 2012
Cheers
Ken
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, 17 April 2012 2:31 AM
To: NT System Admin Issues
Subject: Re: Hooray,
How about I just load another bit of code into the process space of the
existing, whitelisted application (e.g. a .dll). Then there is no need to spawn
any separate executable process.
Unless you are intending to fingerprint every single file on the system, we're
back to square one.
From: And
It doesn't help someone who has the authority to override the controls.
But, thankfully, that's a smaller percentage than people who don't have
that authority.
AV also doesn't help the people who won't install it or update it. But it
has managed to help others.
UAC doesn't help people who turn
*>>Your buffer overflow example illustrates the point. *
It really doesn't illustrate what you think it does, but there's no point
in me going down this route any longer.
You've chosen to selectively read what I've posted, and ignored clear
examples that disagreed with your premise. We'll just h
The first statement is wrong - there is no difference between data and code -
they are just ones and zeros.
Now, an application, can, tell an OS that certain memory addresses contain code
that should not be executed.
But some other application, loading exactly the same ones and zeros, can tell
The user being socially engineered *is* the admin - it's a SOHO environment. It
was the *line* just above what you quoted: "For the SOHO end user, the vast
bulk of infections are either:"
These types of users are being socially engineered *today* despite AV, code
signing, UAC and any number of
Your buffer overflow example illustrates the point. What is being over-written
into the host's execution area? Answer: code/data/1's and 0's from the data
file. Having never written a buffer overflow attack, I'll take your word that
it's "very, very hard to do for anything but the simplest funct
I get much better XenDesktop performance on XenServer, FWIW
---Blackberried
-Original Message-
From: Jonathan Link
Date: Mon, 16 Apr 2012 16:54:58
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: Re: Hooray, I'm moving to
VMware!
Not like it's Tennessee or anyth
Just to clarify that you won't get DRS with the Essentials/Essentials Plus
bundle as that comes with Enterprise onwards.
From: Chinnery, Paul [pa...@mmcwm.com]
Sent: 16 April 2012 8:34 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!
If you
That's something that can be highly variable also, depending on how resource
hungry the guests will be. We're running a Dell blade chassis, with M710
servers, dual 6-core procs, and 96GB of RAM each. We average around 15-18
guests per host.
Joe Heaton
ITB - Windows Server Support
From: David
Why is it always about size??? ;-)
We have a multitude of various servers - Exchange, Oracle, DCs, BES,
Sharepoint, SQL, email archiving, AV, yada yada yada. That's only the
production servers, we have a small test environment as well plus various
random older servers that were P2V'd and are ke
Do you have a secondary SAN in case there is a problem w/ it?
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Monday, April 16, 2012 3:32 PM
To: NT System Admin Issues
Subject: Re: Hooray, I'm moving to VMware!
I don't have vmotion, they're assigned to specific hosts, and
Yeah we are doing about 30+ guests per host, mostly blades systems here.
Z
Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, April 16, 2012 3:20 PM
To: NT System Admi
#2 is probably the current wave, but I would say it depends on your
environment. Large size enterprises probably keep several physical boxes for
specific use (DC, etc.)
On the other hand, I have a very small side client that I have even virtualized
anything yet. They've got 4 locations, 3 serv
144gb of RAM and a pair of Xeon 56xx's (six core, I forget the exact model).
Keep in mind that if you're like most people your first bottleneck will most
likely be RAM, then disk, with CPU almost certainly last.
I can run all that lot on a single box and it doesn't run slowly, but I would
also
If you have DRS turned on, yes. However, you can also designate that some will
always be on the same host.For example, we have HCIS authentication server
(file) that always uses a certain background server. So, if FSA is vmotioned
to another host, BG1 will follow.
From: David Mazzaccaro [m
On Mon, Apr 16, 2012 at 12:11 PM, Andrew S. Baker wrote:
>>> If it's an exploit, it's going to launch code. The code
>>> won't run in a whitelisting environment unless it's approved by the admin.
>>
>>CMD /C DEL C:\*.* /S /Q /F /A
>
> A - Wouldn't work so nicely in 2008 and above, due to
I don't have vmotion, they're assigned to specific hosts, and are all on
the SAN. So, if a host fails, or I need to do maintenance I can down the
guest and migrate it to another host. This works for hosts that aren't
mission critical or can survive some downtime window during standard
business ho
You can create Host affinity which says they will migrate to a specific host
but VCenter does a good job of balancing the migrations on it's own.
John W. Cook
Network Operations Manager
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 2
We average about 20-25 guests per host right now. More in our development
environment.
What size hardware are you using?
* *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…
*
On Mon, Apr 16, 2012 at 2:37 PM, John Cook wrote:
> We average
I'm thinking knocking 1 host off the quote would save me $25k - enough
for a 2nd SAN to be placed in a secondary site.
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, April 16, 2012 2:45 PM
To: NT System Admin Issues
Subject: Re: Hooray, I'm moving to VMware!
Yes, unle
5-6 guests per host? How tiny are these hosts?
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Monday, April 16, 2012 1:37 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!
We average 5-6
That is awesome.
What are the hardware specs of the DL380?
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Monday, April 16, 2012 2:43 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!
FWIW I can run our entire infrastructure (and do when I'm doing
On Sun, Apr 15, 2012 at 23:24, Ken Schaefer wrote:
>> To drive the point home - If I had to choose between whitelisting
>> applications and blacklisting data, I'd choose whitelisting applications,
>> every time.
>
> Why would you have to make a choice? They are not mutually exclusive options.
Y
How does that work now?
Are the 11 guests distributed dynamically across the 3 hosts? Or are
they dedicated to specific hosts always?
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Monday, April 16, 2012 2:32 PM
To: NT System Admin Issues
Subject: Re: Hooray, I'm moving to
Yes, unless your hosts are small, or your guests are huge.
10 guests would only need 2 hosts for redundancy purposes.
* *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…
*
On Mon, Apr 16, 2012 at 2:24 PM, David Mazzaccaro <
david.mazzacc...@h
FWIW I can run our entire infrastructure (and do when I'm doing host
maintenance) on a single DL380.
That's around 43 VM's including Exchange 2010, our AD and our primary file
server.
From: David Mazzaccaro [david.mazzacc...@hudsonmobility.com]
Sent: 16 April 201
We average 5-6 per Host with 3 ESXi5 hosts. That being said any host failure
and subsequent failover to the other two hosts will not impact the performance
of the guest machines. It depends on what you are trying to accomplish - the
least possible number of physical boxes or some resiliency.
Great info ASB, thanks, very relevant to a lot of work I've been doing.
---Blackberried
-Original Message-
From: "Andrew S. Baker"
Date: Mon, 16 Apr 2012 14:27:56
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: Re: Whitelisting
*>>Data is code. Code is data. The
Either choice can be made to work without tremendous difficulty. But they
do require different considerations.
You'll find enough folks on this list that subscribe to either perspective.
* *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…
*
I have 11 guests. I have three hosts so I can survive a host failure
without squeezing the resources on the remaining hosts too much.
On Mon, Apr 16, 2012 at 2:24 PM, David Mazzaccaro <
david.mazzacc...@hudsonmobility.com> wrote:
> How many VMs are you able to run on each of your 3 hosts?
>
System Center Virtual Machine Manager can manage both your VMWare and
Hyper-V hosts...
- http://technet.microsoft.com/en-us/library/hh546770.aspx
- http://technet.microsoft.com/en-us/library/gg610610.aspx
And there are backup solutions which are pointed at your HyperV host and
will backup
*>>Data is code. Code is data. They’re both strings of 1’s and 0’s. *
No, they are most certainly not the same.
*>>The only difference is what is interpreting that string. *
And that's a huge difference.
*>>If data is data, how is it able to cause winword.exe to download a
payload?*
Well, he
How many VMs are you able to run on each of your 3 hosts?
With only 10 physical servers now.. I am wondering if 3 hosts are going
to be overkill.
Even with a play/test environment of another 10 servers Are 3 hosts
a waste?
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent:
Not in my opinion.
But it's all about what you are used to.
-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Monday, April 16, 2012 10:40 AM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!
Is the consensus that VMware is easi
I vote for #1.
If you have a data-center failure, a standalone DC makes it just a little bit
easier to get everything running again. (Note: I'm not suggesting it's a
requirement, but if you are re-starting a datacenter after a full failure,
every bit of simplicity helps.)
From: Paul Hutchings
Yes!
By physical boxes, we'll presume a box that's running as a DC, and not your
hosts as Scott pithily responded... :-) And you may as well run a physical
box for your vCenter if you're going to maintain a solid box for DC.
The idea behind physical boxes, is it gives you something to authentica
All of our DCs are virtual. Just make sure they're on different hosts, in case
the host crashes...
Joe Heaton
ITB - Windows Server Support
From: Scott Crawford [mailto:crawfo...@evangel.edu]
Sent: Monday, April 16, 2012 9:42 AM
To: Heaton, Joseph@DFG; NT System Admin Issues
Subject: RE: Hooray,
Hmm... not sure how much it cost for us. We went with Dell TL2000 libraries,
and the Dell iSCSI-SAS bridge card.
Joe Heaton
ITB - Windows Server Support
-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Monday, April 16, 2012 9:37 AM
To: Heaton, Joseph@D
LOL...
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, April 16, 2012 12:42 PM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!
> You don't need any physical boxes at all. Period.
I'd at least want some hosts J
From: David Mazzaccaro [mailt
Do you have root cert auto updating enabled?
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Monday, April 16, 2012 11:02 AM
To: NT System Admin Issues
Subject: Re: code signing certificate ?
The documentation currently says #1, but, I expect in the next 6-12 months you
will see that shift to #2. I don't have a problem personally with #1.
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.
Your hyper-v host is fubar'd and you need to log into it. Your DC is hosted on
that VM hostso you can't log in. You can certainly build it to avoid that
problem, but that is why some people say keep one physical DC. For example you
can have your hyper-v host not be in the domain. Or if you
No third party tools necessary for backing up the servers with VMWare
standard/Ent/Ent+ - VMWare Data Recovery is included
John W. Cook
Network Operations Manager
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MC
Data is code. Code is data. They're both strings of 1's and 0's. The only
difference is what is interpreting that string.
If data is data, how is it able to cause winword.exe to download a payload?
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, April 16, 2012 11:30 AM
To: NT Syst
We have some isolated environments where all servers are virtual (including
DCs). In this case when we had some data center power issues or did some
shut downs, we had to play whack a mole to find the DCs to power them up
first. Since these environments were smaller involving 3 hosts each with
on
I would modify your statements in the following way:
1) Always have a way to boot a DC without the dependancies of other services.
AKA, you can virtualize your DCs if your VM solution doesn't require a domain
to boot/manage. Having a physical DC does solve this problem.
2) Virtualize everything
Well if your entire VMWare infrastructure goes down it's possible to have
issues with DNS unless the virtualized DNS server is set to auto restart AND be
the first machine to come up. It's entirely possible to have everything
virtualized but IMO having a single physical DNS server is just good r
1. Both my dc's are physical.
2. A lot of that depends on the software being used. We have a fax server
that the fax s/w vendor recommended be a physical server. When ICD-10 (medical
coding) comes out, our coding vendor will not install on a virtual server.
Paul Chinnery
Network Admin
Memor
#2
There are rules/best practises to follow such as not using snapshots when
updating DCs that are virtual, but the biggest issue, which used to be clock
skew, is a non-issue these days.
From: David Mazzaccaro [david.mazzacc...@hudsonmobility.com]
Sent: 16 April
> You don't need any physical boxes at all. Period.
I'd at least want some hosts :)
From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Monday, April 16, 2012 11:30 AM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!
Speaking of domain controllers, I a
I did briefly look at that. Problem was the iSCSI bridge for the tape
libraries seemed to cost more than simply buying a physical box to connect the
tape library to.
Kind of weird but seemed consistent across vendors.
From: Heaton, Joseph@DFG [jhea...@df
Because it is *data*.
Data doesn't make calls. Code does.That's been the gist of the
argument from the very beginning.
* *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…
*
On Mon, Apr 16, 2012 at 12:25 PM, Crawford, Scott wrote:
> Why
Speaking of domain controllers, I am being told 2 different things...
1) ALWAYS keep a single DC physical. You can certainly have virtual
DCs, but you must have at least 1 physical.
2) Virtualize everything you can. You don't need any physical boxes at
all. Period.
Thoughts?
From: An
I didn't think you could point Veeam (or whatever HyperV aware backup app
you're using) to a single entity like you can vCenter and have it backup every
VM that's in your cluster? If you can that's great to know as I always
wondered how it coped with doing incremental backups of a VM when it's
We're using an iSCSI tape library at our field offices, with the backup server
VM connecting to it. Works great for us.
Joe Heaton
ITB - Windows Server Support
-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, April 13, 2012 2:37 PM
To: Heaton, J
Why does the code that is spawned need to download some payload or use existing
files? Why can't it make its own win32 calls?
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, April 16, 2012 10:26 AM
To: NT System Admin Issues
Subject: Re: Whitelisting
Here's one typical scenario:
Data is harmless unless that "data" is actually formed in such a way to exploit
a vulnerability in an application. If so, you've got a whitelisted application
executing arbitrary code from a "data" file.
From: Alex Eckelberry [mailto:al...@eckelberry.com]
Sent: Monday, April 16, 2012 9:19 AM
To:
On Mon, Apr 16, 2012 at 10:21 AM, Alex Eckelberry wrote:
> If it's an exploit, it's going to launch code. The code
> won't run in a whitelisting environment unless it's approved by the admin.
CMD /C DEL C:\*.* /S /Q /F /A
I expect you whitelist CMD.EXE, no?
-- Ben
~ Finally, powerfu
OK, got past that hurdle. i was also able to successfully sign a script
using SignTool. Just trying to figure out the process to verify the
signature, getting this:
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provi
*>> Single "thing" to point backups at - I believe you have to backup
Hyper-V boxes individually?
*
No, you don't have to back them up individually. Lots of 3rd party
options here.
*>> No dependency on the domain being present which can put you in a "fun"
situation if you have to power everythi
I've only used VMware so I'm more than happy to be corrected here, but in no
particular order:
Single ISO takes you from bare metal to working server.
No third party drivers needed for things like MPIO and NIC teaming.
Single management tool.
Single management server (vCenter) gives visibility to
Thanks for clarifying that
On 16 April 2012 16:25, Andrew S. Baker wrote:
> Here's one typical scenario:
>
>- WinWord.exe has a a buffer overflow vulnerability.
>- WinWord.exe is a whitelisted app, so the vulnerability can be
>exploited.
>- Bad guy creates a hand-crafted data fil
No mention of XenServer? It's a lot better than it used to be.
On 16 April 2012 16:15, Andrew S. Baker wrote:
> I would say that VMWare is more feature rich and has a more extensive
> ecosystem of support and add-ons.
>
> Hyper-V is a little easier, but that's not a complete apples-to-apples
> c
Here's one typical scenario:
- WinWord.exe has a a buffer overflow vulnerability.
- WinWord.exe is a whitelisted app, so the vulnerability can be
exploited.
- Bad guy creates a hand-crafted data file that takes advantage of the
buffer overflow vulnerability
- User opens bad data
I would say that VMWare is more feature rich and has a more extensive
ecosystem of support and add-ons.
Hyper-V is a little easier, but that's not a complete apples-to-apples
comparison.
Once you get into them, they're both complex enough, yet easy enough to
manage.
* *
*ASB* *http://XeeMe.com/
I haven't used these formats before, but, three general thoughts:
* Will the certs MMC solve this for you?
* What about certutil.exe?
* The OpenSSL Windows command line utility is a great resource for
converting all manner of certificate formats.
Thanks,
Brian Desmond
I can't speak for anyone else, but I like it. I don't find it hard to work
with. I'm running 5 esxi4.1 hosts with 60 VM's. All of the hospital HCIS
servers (Meditech) are running virtualized.
We did have some hiccups on the way to going LIVE with it. We had a situation
where VM thought the
Yes, but if the bad data is used to perform a buffer overflow so that
custom *code* can be executed to do nefarious acts, then that last step
will fail because the custom malicious code is not authorized to run --
even in a zero day.
No, it doesn't solve every last malware issue known to man, and
Is the consensus that VMware is easier to use than Hyper-V?
I've only used the latter, so I can't judge.
John
-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Monday, April 16, 2012 9:36 AM
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to
A BHO is a DLL, in other words, a PE file. As is an OCX. These would
be/should be covered by a competent whitelisting solution.
AFAIK, Javascript can't do much malicious in and of itself except crash your
browser or do other weird stuff. Where it is malicious is when it can execute
Windows
*>>I don’t understand how you can have an exploit in a data file resulting
in anything else but code execution. *
Exactly.
We've had epic battles about this very point on more than one occasion,
however, so...
* *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for
Agreed, if you've got a malicious Word document that exploits a flaw in MS
Word itself, then the only defence is good patching or some other form of
exploit detection. If it's a zero-day, then there's probably nothing except
exploit detection.
Don't want to plug it too much but AppSense Applicatio
Yes, and are great, but I'm not importing directly from the web site like
he was able to. I've got the SPC and PVK files and now need to somehow
import them into the certificate store. That is where I'm stuck. I've just
found this link which seems to be promising:
http://ellisweb.net/2008/08/si
Thanks, Webster... I notice you avoided mentioning your hostile
commentary. :)
LOL
* *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…
*
On Mon, Apr 16, 2012 at 8:15 AM, Webster wrote:
> Saw this on twitter from our own world famous ASB:
>a) exploits in existing applications (Acrobat Reader, Adobe Flash,
>Java runtime, Internet Explorer)
>b) social engineering attacks, where the user is convinced to
>run/install some malware that they shouldn't. Despite code signing,
>users are still doing this.
>How will whitelisting help the abo
>But, if we ever get to a world where whitelisting is the predominant
>means of execution control, the bad guys will, out of necessity, be
>relegated to exploiting flaws in applications through data files.
I don't understand how you can have an exploit in a data file resulting in
anything els
Have you looked at Webster's instructions yet?
Mack S. Bolan
On Mon, Apr 16, 2012 at 8:58 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
> OK, the Security team has now provided me the SPC file.
>
> What I'm looking for is how to install the certificate with these 2 files
> (SPC,
OK, the Security team has now provided me the SPC file.
What I'm looking for is how to install the certificate with these 2 files
(SPC, and PVK). According to the information I've found online you should
be able to do this:
pvkimprt -import 1.spc myprivatekey.pvk
Which will them launch a wiz
Support for non MS operating systems, Fault Tolerance, Storage Vmotion for
anything other than W2008R2 .
John W. Cook
Network Operations Manager
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompT
I found this in the NTSys Archives:
http://carlwebster.com/how-to-digitally-sign-a-microsoft-powershell-script-with-a-third-party-code-signing-certificate/
-lc
>
> From: Christopher Bodnar
>To: NT System Admin Issues
>Sent: Monday, April 16, 2012 8:21 AM
>Su
I'd assume ease of use and market leader.
-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: 16 April 2012 14:16
To: NT System Admin Issues
Subject: RE: Hooray, I'm moving to VMware!
Someone else asked about this, but I didn't see a reply (although P
Didn't Webster and Brian cover this just last week?
Mack S. Bolan
On Mon, Apr 16, 2012 at 8:21 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
> All help is appreciated , have never done this before.
>
> We are going to start signing our scripts. I requested a code signing
> certi
All help is appreciated , have never done this before.
We are going to start signing our scripts. I requested a code signing
certificate from our Security group, we use Verisign. They handle all the
Verisign certificates. They gave me back a *.PVK file. Shouldn't there
also be a *SPC file as w
Someone else asked about this, but I didn't see a reply (although Postini
frequently blocks messages from this list)... What factors led to you choosing
VMware over Hyper-V?
John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us
- Original Message
Congrats!
From: Webster
To: NT System Admin Issues
Sent: Monday, April 16, 2012 7:15 AM
Subject: ASB
Saw this on twitter from our own world famous ASB:
is voluntarily transitioning to full time Information Security and IT
Operations consulting in May 2
On Mon, Apr 16, 2012 at 8:15 AM, Webster wrote:
> All I can say is it is about time! As smart, dare I say brilliant, as ASB
> is, he should have zero problems finding work.
Do you owe him money or something? ;-)
Just kidding: I second both the forecast and the good wishes.
-- Ben
~ Final
Congratulations and the best of luck!
-lc
>
> From: Webster
>To: NT System Admin Issues
>Sent: Monday, April 16, 2012 7:15 AM
>Subject: ASB
>
>
>
>Saw this on twitter from our own world famous ASB:
>
>is voluntarily transitioning to full time Information Se
An example of using whitelisting technologies in the enterprise
http://appsensebigot.blogspot.co.uk/2012/03/replacing-your-antivirus-software-with.html
On 16 April 2012 12:46, Ziots, Edward wrote:
> One of the things I see mentioned below is the malicious browser based
> attacks ( BHO's, Malici
One of the things I see mentioned below is the malicious browser based attacks
( BHO's, Malicious JavaScript, etc etc) and that is one area of weakness I see
in the whitelisting solution. Other than that I agree it’s the right way to go.
Being on the other side of "Blacklisting", HIPS etc etc, i
92 matches
Mail list logo