Alex Is Smarter Than a Hacker [Contest]

We had a strong feeling that our Metadata Era readers were up to our hashing challenge. And they certainly came through. After reviewing many solutions, our judges have chosen Alex Bessonov of New Jersey as the contest winner. And his victory came just in the nick of time: his son’s Nexus 7 had recently stopped…

12 Days of IT Security Presents

At the Metadata Era, we decided to start our holiday celebration early. We’ve put together 12 content gift packages that will point you to interesting blog posts, whitepapers, research reports, webinars, and even a few of our favorite tweets from the last year.  So pour an eggnog, sit by your laptop, and enjoy opening our…

Varonis + Office 365

What is Office 365? Cloud-based Office 365 for Business and Enterprise allows subscribers to access Microsoft-hosted versions of Exchange, SharePoint, and file sharing services (OneDrive).  This means customers don’t host the infrastructure themselves, and employees can access Office 365 applications and data from anywhere, and from most devices (Mac/PC, tablets, iPad, and smart phones). Are…

Windows Server 2003 End of Life is Approaching

The support for Windows Server 2003 is slated to end July 14, 2015, so it’s time to start thinking about migrating if you haven’t already. According to one TechNet blogger, the average Windows Server migration takes 200 days! The good news is that you aren’t the only IT department facing this reality. It’s anticipated that…

What Nature Taught Us about IT Security

And The One Thing We Still Haven’t Figured Out: I recently came across Drew Barrymore’s picture of a curious insect, Phyllium pulchrifolium, which camouflages itself as a leaf. It made me think about how utterly ingenious nature’s defense mechanisms can be, and the oddly fascinating parallels to information security. (Above: the Phyllium pulchrifolium “encrypting” itself.)…

How can I find out which Active Directory groups I’m a member of?

The ability to administer and maintain up-to-date user lists and groups is critical to the security of an organization. There are a number of different ways to determine which groups a user belongs to. First, you can take the GUI approach: Go to “Active Directory Users and Computers”. Click on “Users” or the folder that…

Authentication Lessons From the Magic Kingdom: A Closer Look at Kerberos, Part II

Let’s continue our journey into the Magic Kingdom as a way to explore Kerberos. Sure the comparison doesn’t completely track, but it’s close and easy enough to grasp that I think you won’t mind missing—trust me on this—the standard Kerberos protocol diagrams. Back to Disney World: you’re now in the park with your passport booklet…

Top Five Most Dangerous Software Errors

Over the years, Mitre, the MIT research group, has been analyzing software bugs and missteps that hackers have been able to exploit. Their Common Vulnerabilities and Exposures (CVE) classifications are something of a de facto standard used for describing the root software causes in an attack. Working with SANS, the Mitre CVE team has come up…

Authentication Lessons from the Magic Kingdom: A Closer Look at Kerberos, Part I

The flaws in NTLM I’ve been writing about might lead you to believe that highly-secure authentication in a distributed environment is beyond the reach of mankind. Thankfully, resistance against hackers is not futile. An advanced civilization, MIT researchers in the 1980s to be exact, developed open-source Kerberos authentication software, which has stood the test of…

Deadly credential vulnerabilities found in mobile apps

I’m beginning to be known around here as the bearer of bad news on authentication hacks. Unfortunately, I have more to share. In June, researchers at Columbia University announced they discovered secret login keys hidden in thousands of Google Play apps. Left by developers to access their own cloud-based accounts—on Facebook, AWS, Twitter, and other…