Michael AM Felt

Michael AM Felt

Bookmark and Share

Recent Posts

  • Sweet32 Birthday! Your First Thoughts?
  • Security Isn’t Just Technology
  • What OpenSSH Are You Using?
  • RBAC and SUDO on AIX
  • Getting Back to RBAC
  • Sweet32 Birthday! Your First Thoughts?

    My first thought was of when I was Sweet16 and had never been kissed (yeah, a bit late to that aspect of life). But I knew Sweet32 was going to be something different as I first saw the term in an AUSCERT notice.

    Read More

    Posted: September 11, 2017 |

    Security Isn’t Just Technology

    I just received an email, which has since been reported to our abuse team. This email reminds me that a pillar to security is making sure users know the telling signs of phishing, such as an email asking you to go to a special site (URL) because of new government regulations regarding password complexity.

    Read More

    Posted: September 04, 2017 |

    What OpenSSH Are You Using?

    Michael A.M. Felt discusses OpenSSH. 

    Read More

    Posted: August 17, 2017 |

    RBAC and SUDO on AIX

    I have a confession to make: Whenever I thought about SUDO I always thought in terms of SUDO versus RBAC, rather than RBAC and SUDO.

    Read More

    Posted: May 05, 2017 |

    Getting Back to RBAC

    Five years ago I was writing a lot more about RBAC—and I had a theme to "test" RBAC. I called the theme "Never look back" and I installed a few sandbox systems and ran a few "crazy" commands to see where things broke.

    Read More

    Posted: April 11, 2017 |

    AIX and NTP

    By default AIX uses NTPv3. This probably works fine for an internal-only situation (I hope), but for a server that also talks with the "outside," I recall that NTP shows up fairly frequently in CVE messages.

    Read More

    Posted: February 16, 2017 |

    “Hard to be Current” with OSS

    As I mentioned in a tweet, ZLIB (aka libz) has been updated recently. I expect these sudden updates from version 1.2.8 to 1.2.10 were inspired by an audit performed at the request of MOSS/Secure Open Source.

    Read More

    Posted: January 26, 2017 |

    Using Internet Key Exchange Today

    Internet Key Exchange (IKE) has gone through a lot of changes in the last 20 years. The last major change was the introduction of IKEv2 and communication via port 8500 rather than ports 500 and/or 4500 for setting up what is known as Phase 1 Tunnels.

    Read More

    Posted: December 14, 2016 |

    SENDMAIL SSL efix: a Painless ifix

    There is a good chance you are not using sendmail at all (on AIX) to receive mail. However, if you are, you should be using sendmail plus ssl. If you are using sendmail and ssl you have probably applied the fix suppiled last August (First Issued: Fri Aug  7 15:15:59 CDT 2015 |Updated: Tue Aug 18 09:19:51 CDT 2015.

    Read More

    Posted: May 12, 2016 |

    Using AIXPERT to Generate Compliance Reports

    AIXPERT is an easy to use interface to both harden and verify compliance with one or more standards. A standard can be one published by a third party (e.g., CIS), one from core AIX, one from PowerSC or one of these copied and customised for your situation. The format is XML.

    Read More

    Posted: April 12, 2016 |

    Displaying results 1-10 (of 40)
     |<  < 1 - 2 - 3 - 4  >  >|