The recent high-profile “Meltdown” and “Spectre” security event did more than expose newly-discovered problems in processor architectures dating back decades. It also exposed gaps in the Security Lifecycle Program for many organizations, possibly even in your own.
The details of this security event are already well-documented (see the original security notification in Red Hat’s Portal or this 3-minute video providing a high-level overview). So, what can your IT organization do to be better prepared for the next security event? Here are four practical actions you can take now to improve your Security Lifecycle Program.
Read the rest of "Four practical steps to improve your Security Lifecycle Program"
If you are in I.T., you've heard about Meltdown and Spectre by now. So - what are you going to do about it? Don't panic, follow your existing High Priority Security Patching processes. Start assessing, in your test environment, the performance impact of patches against your performance-sensitive workloads, especially those with heavy disk I/O or … Continue reading How to approach KPTI remediation
If you are trying to create an HBAC rule in FreeIPA to allow users to log on to Fedora 27 workstations via GDM, you will need to do the following: - Create a new HBAC service in FreeIPA, called "systemd-user" - Create an HBAC rule that includes "gdm", "gdm-password", and "systemd-user", granting access to your … Continue reading Managing access to Fedora 27 workstation with FreeIPA and HBAC
I have tried many task management solutions over time, and for the first time have found something that doesn't annoy me after a month. For almost a year now, I've been using Taskwarrior and Inthe.Am quite successfully to manage both my work tasks and my personal tasks. My requirements are seemingly simple: Tasks with due dates and projects … Continue reading Organizing life with Taskwarrior and Inthe.Am
For many, the discussion is not "should I use the public cloud?"; rather it is "how and when do I leverage the public cloud?". This is not a boolean decision, there is no need to turn off your existing data center simply because you have decided to adopt the public cloud. Hybrid Cloud and Multi … Continue reading Compliance and the Cloud, at Red Hat Summit
So ... this happened today: Matt Smith - Chief Architect, Northeast Commercial Matt will be taking on the role of Chief Architect for the Northeast team under Sean Spurrier. He has been at Red Hat for 3 years in an Account SA role most recently covering some of our larger Financial Services customers along with … Continue reading Red Hat Chief Architect, Northeast Commercial
Somehow, I became a proud new owner of a piece of (somewhat) malicious code tonight. Once making sure it was properly neutered, and after running it through VirusTotal and being surprised by how few (9/55) engines were detecting it, I decided to take a look. Sub HCYh58Llju(ByRef iKvmUvcYr3wp, ByVal Q3REKGitD, ByVal kwoeg8c) iKvmUvcYr3wp = Split(Q3REKGitD, kwoeg8c) End Sub … Continue reading Deobfuscating malware by hand