Stories by J.F. Rice

When Locky strikes

A friend’s company is hit with aggressive ransomware and calls our manager for advice.

Written by J.F. Rice, 20 April 16 00:05

Surprise! You have mystery PCs

Vulnerability scans uncover unpatched, unprotected PCs on the network that IT never even heard about.

Written by J.F. Rice, 15 March 16 08:03

The battle of the reboot

Patching has become routine, but patches don’t take without a reboot. That’s a problem when business units insist on zero downtime.

Written by J.F. Rice, 23 Feb. 16 00:00

Trying to stay ahead of the bad guys

Even a security manager who has steered away from emerging technology has a change of heart when it becomes ever more difficult to keep up with the ways criminals can sneak into our systems.

Written by J.F. Rice, 16 Nov. 15 18:31

Malvertising is a troubling trend

Malware that can infect a computer with no user interaction needed is certainly bad news.

Written by J.F. Rice, 15 Oct. 15 19:16

The sharks of the Internet

That’s what hackers are — they should be feared, but our fears are completely out of proportion.

Written by J.F. Rice, 04 Sept. 15 17:39

Network analysis is like turning over rocks

I just found out my company's employees have been finding ways to get around my Web filtering. And that came as a surprise, because I use a best-in-class product that employs a database to categorize and block website URLs, which I thought I could rely on. But as I found out, that product is not perfect.

Written by J.F. Rice, 20 June 15 05:06

Data held hostage; backups to the rescue

Last year, I wrote about a ransomware infection that encrypted the hard drive of one of my company's employees. In that situation, a live, in-person scammer called the employee, claiming to be from "technical support," and tricked the employee into visiting a website that infected his computer. As with a similar situation I wrote about in 2012, the infection came from an advertisement on the front page of a major news service's website. The website runs rotating ads, one of which was compromised and hit the victim with a drive-by malware infection (without any intervention by or even the knowledge of the victim). I thought that because the infection was on the victim's personal computer, not on my company's network, we were pretty safe. I thought that if it had been on my network, the attempt probably would have failed, or would at least have been detected right away.

Written by J.F. Rice, 19 May 15 23:08

Discovering a blind eye to vulnerabilities

Last week, I was horrified to discover a problem with my vulnerability scanner. The product I use relies on a user account to connect to our Microsoft Windows servers and workstations to check them for vulnerable versions of software, and that user account had never been configured properly. As a result, the scanner has been blind to a lot of vulnerabilities. And this has been going on for a long time.

Written by J.F. Rice, 13 April 15 23:47

Information overload, SIEM version

It's been over a year since I last wrote about my security information and event management (SIEM) platform -- and a lot has happened since then. Back then, I wrote, "Now that my SIEM has been in operation for several months, I've become completely dependent on it, not only for security monitoring, but also for overall awareness of my network."

Written by J.F. Rice, 05 March 15 23:14