Oh, the joys of new and scary security vulnerabilities… The latest of these being dubbed Meltdown and Spectre. The sucky part of these particular vulnerabilities is that they present you with a unique choice: Protect your system, or enjoy the same performance that you are enjoying today. As the entire industry scrambles to get the situation under control, here’s how to check if you’re protected. If you’re running Windows, that is.
There is nothing quite like #TheFeeling when you log on to a server, and are met by a Notepad window with the following text: “Hello. All you files was encrypted. If you wanna recover your files contact me as soon as possible”. Running through the 5 stages of grief in about 3,1 seconds, ending up with the inevitable final stage of acceptance: S**t, we’ve been hacked!
So, the problem at hand is as follows: I have a number of web servers running IIS, each with 20 + app pools. Most of them are set to use .Net Framework 2.0, the rest have no managed code. I need to switch the app pools with version 2.0 to 4.0.
With my new webserver box up and rocking the LEMH stack and fully optimized HTTPS, it’s time to start looking at getting IPv6 going. It kinda fits my modus operandi: If it’s newfangled, totally unnecessary for me to be running, and with semi-high to high geek-cred, then sign me up.
Having just set up the new LEMH stack on my new web server, I wanted to get it set up with https and start optimizing it to be as fast and secure as possible. I tossed together a fast ssl server config in Nginx, got it started up, and headed over to ssllabs.com to see how it was doing. 2,5 minutes later I was staring at the business end of a big fat B. Time […]
I have been planning to switch out my cute little laptop-server for a version 2.0 for some time now. Being a Dell E6400 laptop rocking a Core2Duo and all of 4 giggs of ram, I wanted to trade up to something with a little more oomph, and I kinda had a new slightly less old HP Elitebook with Core i7 CPU and 16 giggs of ram that I was not using anyway. However, finding the […]
So there I was, in the “Sub-basement of Hell” (Also known as the Cornwallis room of The Brewery), just after finishing my talk on Group Policy at Spiceworld London 2015, when I was approached by a member of the audience with a really good question: “If you were to implement group policy in a brand new domain, do you have a list of settings that you would always put in there?” It was one of […]
I was fortunate enough to have the opportunity to speak to an awesome group of Spiceheads at Spiceworld London 2015 on the topic of Group Policy in Active Directory. The session, which was held in the Cornwallis room of The Brewery (Aptly renamed to the “Sub-basement of Hell”) was entitled “Group Policy – One Ring to Rule Them All”. These are my notes from preperation for the session, as well as some answers to a […]
Next week (May 11th – 13th 2015) I’ll be in London to give a session at Spiceworld London 2015 entitled “Group Policy – One Ring to Rule Them All”.
Not that I was not expecting this, based on previous experience, but I recently installed Logwatch on my server, and discovered that I am in fact the target of a pretty determined hacking attempt. Now I say determined, because at least as far as I know, they have been at it for at least a week. But I did not say sophisticated, as they as basically trying to brute-force the root password. Like I didn’t […]