Michael AM Felt

Michael AM Felt




Bookmark and Share
RSS

Recent Posts

  • Back to Basics: aixpert
    May 2, 2018
  • Determining Patching Responsibility
    March 22, 2018
  • AIX, Security and the Basics
    February 27, 2018
  • The Danger of SUID, and using FLRTVC to Identify Vulnerabilities
    February 8, 2018
  • Revealing the Obvious in OpenSSL
    January 2, 2018
  • Back to Basics: aixpert

    On the road again. Nothing surprising about that because I travel internationally two or more times a month. What is unusual is that this year about half of my trips are security related (the other main topic is performance although I prefer the term resource optimization).

    Read More

    Posted: May 2, 2018 |

    Determining Patching Responsibility

    Recent news (and my latest blogs!) have focused on the (sorry) state of patching. While this is a common state, it’s generally not the fault of the IT staff. They would love to patched to within “N-1” and have security patches installed. However, the business is (or claims to be) 25x8 and so interruptions to the business aren’t allowed and maintenance never gets done.

    Read More

    Posted: March 22, 2018 |

    AIX, Security and the Basics

    This year I have been much more active with assisting clients to get their systems secured. Securing systems begins with the basics. Administrators know this—but does the business know their risks when admins cannot do their part?
     

    Read More

    Posted: February 27, 2018 |

    The Danger of SUID, and using FLRTVC to Identify Vulnerabilities

    Earlier this week, IBM Security released a notification about “an unspecified vulnerability that would allow a locally authenticated user to obtain root." Reading deeper, it seems the programs listed (bellmail, caccelstat, iostat, lquerypv, restbyinode, and vmstat) all use “suid” to root, and are executable by anyone. 

    Read More

    Posted: February 8, 2018 |

    Revealing the Obvious in OpenSSL

    I’ve always felt that I understood the process of using OpenSSL for self-signed certificates and signing my own certificates—almost. Many times I have used a search engine to read up on “build your own ca server” and always I have not felt “this is it!” I did the same again today and, generally speaking, the results were the same: Create a self-signed certificate and use this to sign certificates.

    Read More

    Posted: January 2, 2018 |

    Why I Stay Away From Using gcc (on AIX)

    In the title I mention I stay away from gcc. There’s nothing wrong with gcc itself, but rather the maintenance of the run-time libraries.

    Read More

    Posted: October 3, 2017 |

    SUDO-RBAC Phase 1

    Last May I wrote about integrating SUDO and AIX RBAC. After months of no time I had a long weekend and can now say that “Phase 1” is complete. Phase 1 now needs testing—and ideally, feedback.

    Read More

    Posted: September 27, 2017 |

    Sweet32 Birthday! Your First Thoughts?

    My first thought was of when I was Sweet16 and had never been kissed (yeah, a bit late to that aspect of life). But I knew Sweet32 was going to be something different as I first saw the term in an AUSCERT notice.

    Read More

    Posted: September 11, 2017 |

    Security Isn’t Just Technology

    I just received an email, which has since been reported to our abuse team. This email reminds me that a pillar to security is making sure users know the telling signs of phishing, such as an email asking you to go to a special site (URL) because of new government regulations regarding password complexity.

    Read More

    Posted: September 4, 2017 |

    What OpenSSH Are You Using?

    Michael A.M. Felt discusses OpenSSH. 

    Read More

    Posted: August 17, 2017 |

    Displaying results 1-10 (of 47)
     |<  < 1 - 2 - 3 - 4 - 5  >  >|