Blogs

Java Deserialization: Running Faster Than a Bear

Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.

 


Two men are walking through a forest. Suddenly, they see a bear off in the distance, running toward them. Adrenaline pumping, they start running away. But then one of them stops, takes some running shoes from his bag and starts putting them on.

“Frank, what are you doing?” says the other man. “Do you think you will run faster than the bear with those?”

“I don’t need to run faster than the bear,” Frank replies. “I just have to run faster than you.”

This scenario repeats itself every time a new security vulnerability is discovered in a widely used open source component. Imagine the bear as your adversary, rushing to attack when easy prey is present. Your response time is critical.

Sneakers on. Go!


For my complete story, please continue to Dark Reading http://www.darkreading.com/vulnerabilities---threats/java-deserialization-running-faster-than-a-bear/a/d-id/1325134

 

 

5 Steps to Improve Your Software Supply Chain Security

 

Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.

To improve management of component vulnerabilities, consider these five steps, which mimic a number of the supply chain management concepts originated by quality guru W. Edwards Deming to improve quality, accelerate feedback loops, and increase efficiencies of manufacturing operations. The same approaches are being adopted by organizations improving their own operations through the adoption of Continuous Delivery and DevOps processes:

1. Create a software bill of materials for one application: Visibility into one application can help you understand your current component usage. A number of free and paid services are available to help you create a software bill of materials within a few minutes. The bill of materials will help you identify the unique component parts used within your application and the suppliers who contributed them. These reports list all components used, and several services also identify component age, popularity, version numbers, licenses, and known vulnerabilities.


For more tips and my complete story, please continue to Dark Reading http://www.darkreading.com/vulnerabilities---threats/5-steps-to-improve-your-software-supply-chain-security/a/d-id/1325135

 


Select Data to update on a Multi Asset Scan - BarKode 3

BarKode 3 for Dell KACE K1000 & Asset Management Appliances

The ability to update set data for multiple Asset records is important for ensuring timely, accurate updates to your Asset history. This function can be used for auditing locations, moving equipment to stores or assigning equipment to projects or individuals.

We have added in new flexibility to our BarKode 3 UI so that you do not have to update every data item when scanning your assets. This means that you can store multiple data values in your Asset Type, but when updating using the BarKode UI, you can choose to update just a single value, for example Location, Owner or Status.

The following link shows a short demo of how quick and easy it is to scan and update multiple Asset records direct to your Dell KACE K1000.





Split Mac Fusion Drive / Core Storage Volume in order to install DeepFreeze

Mac ships Minis and some laptops with Fusion Drives and/or CoreStorage volumes. As of January 2016, the only way to install DeepFreeze on machines shipped with either of these technologies is to break the fusion by deleting the logical volume.

BEFORE IMAGING a Mac with Fusion Drive technology (which makes the internal SSD and traditional HDD behave as a single drive), the Logical Volume Group needs to be deleted, which formats the drive back to Mac OS Extended (Journaled) volumes (JHFS+). The following article walks through the process step by step: Mac World article on Splitting a Fusion Drive

TO SPLIT THE FUSION DRIVE:
Boot to the imaging server, open Terminal and use the following commands:

to get the Logical Volume Group ID (lvgUUID) - "diskutil coreStorage list"
to delete the Logical Volume Group - "diskutil coreStorage delete lvgUUID" (replacing lvgUUID with the ID copied from the top of the list results)


Faronics knowledge base articles discussing the issue:

http://support.faronics.com/Knowledgebase/Article/View/398/35/problems-installing-deep-freeze-mac-on-laptops-running-yosemite-1010

http://support.faronics.com/Knowledgebase/Article/View/343/8/can-deep-freeze-protect-fusion-drives-or-corestorage-file-vault-volumes


Quickfix for "error (Handshake Failed)" in KACE patching

Recently we updated all our KACE agents to 6.4 and once we did that, none of our servers were patching and a small amount of our Windows workstations weren't either, as they all came back with "error (Handshake Failed)" as their status. They were either missing all their .ospx files or just 1 of 2 of them. Since we have over 80+ servers coming back with this, I really couldn't be bothered to go through each one and copy over the files they have missing, so I wrote a PowerShell script to do it for me.

This script has a few limitations, such as it doesn't support 32-bit PCs (purely because we don't have any, so I didn't want to spend time writing lines for something that will never run for us), and it will not fix these issues for XP, Server 2003 and some 2008 servers (due to requiring at least PowerShell 3.0 for the Invoke-WebRequest line to download the ospx files direct from the KACE server).

######
#
# A little script to confirm all ospx files are in place for KACE patching. This will not work for x86 Win machines as 2003 and 2008 do not support Invoke-WebRequest out of the box and we don't have any x86 client machines.
#
# USAGE:
#
# By Mike Donaldson (tekctrl@gmail.com)
#
######

# Specify variables.
$OS = (Get-WmiObject Win32_OperatingSystem).Caption
$ProgramFiles = "C:\Program Files (x86)\Dell\KACE\"

# First of all clear up any *.part files.
Remove-Item ($ProgramFiles + "*.part")
Remove-Item "C:\ProgramData\Dell\KACE\patches\*.part"

# Work out the OS and the appropriate OS ospx file.
$kaceDL = $null
switch -Wildcard ($OS)
{
    '*2008 Standard*' { $kaceDL = 'win2k8.ospx' }
    '*2008 R2*'       { $kaceDL = 'win2k8r2x64.ospx' }
    '*2003*'          { $kaceDL = 'win2k3.ospx' }
    '*Windows 10*'    { $kaceDL = 'win10x64.ospx' }
    '*Windows 7*'     { $kaceDL = 'win7x64.ospx' }
}

# List out the ospx files required to compare to.
# The OS-specific file is only added when the OS caption matched one of the patterns above.
$ospxList = @("winapplications.ospx",
              "windependencies.ospx",
              "winsecuritydefinitions.ospx")
if ($kaceDL) { $ospxList += $kaceDL }

# Get a list of ospx files currently on the system.
$ospxInstalled = @(Get-ChildItem $ProgramFiles -Filter *.ospx -Name)

# Keep only the required files that are not installed, then download each one and store it in the KACE program files location.
# (Filtering the required list directly avoids picking up extra files that exist locally but are not required, and also works when no ospx files are installed at all.)
$ospxList | Where-Object { $ospxInstalled -notcontains $_ } | ForEach-Object {
    Write-Output $_
    Invoke-WebRequest ("http://kbox/patches/" + $_) -OutFile ($ProgramFiles + $_)
}
Write-Output "We're done here. Fingers crossed, it's fixed KACE handshake issues now"

After I ran this I saw that all our servers were detecting missing patches once again and all was well in the world so I could get back to the pub.

MS Visual Studio Enterprise 2015 Update 2

It has been quite a hassle to install or uninstall Visual Studio Enterprise on a Win7 machine.

So here it is.

Install:
"\\ShareName\vs_Enterprise.exe" /AdminFile "\\ShareName\DeploymentConfig.xml" /ProductKey XXXXXXXXXXXXXXXXXXXXXXX /passive /norestart
Within the DeploymentConfig.xml, modify the line to

<BundleCustomizations TargetDir="C:\Program Files\Microsoft Visual Studio 14.0" NoCacheOnlyMode="yes" NoWeb="yes" NoRefresh="yes" SuppressRefreshPrompt="yes" Feed="default" />

Even after using the switches /full /NoWeb /NoRefresh it would not allow you to do the full installation.

Uninstall:
"C:\ProgramData\Package Cache\{675a5109-38d6-406c-9e75-d0e922f87a58}\vs_enterprise.exe" /uninstall /force /passive


Using this as the uninstall string removes the whole application as a bundle.

If you are using anything before Update 2 it would ask you to update the application before you try to uninstall it. So get the latest version of the application and then do the install and then the uninstall.