Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command). For RPM-based OS users, Badlock (samba) patching is as easy as:

    ansible -m shell -a "yum update *samba*" all

Or you can be very granular and use an Ansible Playbook to audit and patch samba packages:

    ---
    - hosts: all
      tasks:
        - name: Check if samba packages are installed
          shell:…
As more and more security policies demand the use of multi-factor authentication, the number of times a day you use a multi-factor token will increase. Hopefully that number will not increase to a level that throws the balance of security and convenience towards the annoyingly secure side of the scale. But if that ever does happen, hopefully you can use a Yubikey as your token. There are various sizes and styles of Yubikey to suit your…
Ansible is a great orchestration tool. The low barrier to entry and simplicity of Ansible are why so many people that start using it love it. But there is one feature in Ansible that probably should be used more often. That feature is Ansible Vault.
“Vault” is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles. These vault files can then be distributed or placed in source control.
This means you can store just about anything in Ansible files. SSH keys, MySQL user passwords, and secret API keys are all fair game in Ansible Vaults. Then you can safely check this data into your repo with a reasonable expectation that it is safe from GitHub crawlers and other prying eyes.
The best use
Apple has introduced a new security feature in Mac OS X El Capitan (10.11) called System Integrity Protection (sometimes referred to as rootless). What is System Integrity Protection? According to Apple's documentation: A new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system…
If you have not heard, the phenomenal cloud-based SaaS password manager LastPass has agreed to be acquired by the not-so-customer-friendly LogMeIn. The IT world immediately panned the idea as anti-consumer, and the security world agreed and raised all sorts of red flags as well.
People dislike LogMeIn for a variety of reasons, but the main one is that they pulled the rug out from under a lot of folks who were using LogMeIn to help administer remote computers (I was one of these people). LogMeIn rapidly increased pricing on their services, making their product go from consumer to "prosumer" to full-blown enterprise pricing very quickly. Some people didn't have time to get something else installed on the systems they were administering with LogMeIn before their service was cut.
Given the LastPass business model (free to