Silicon Shecky

Infosec Practitioner

Connect

CarbonBlack doesn’t do it again

By Leave a Comment

No Summer Camp for me this year. Instead I had a small family style vacation, hence why there was no post last week.

This week, I figure on ranting about CarbonBlack again. Seems while I was on vacation they did back end upgrades to Defense. These wonderful upgrades, that should have been properly tested, have caused a lot of prior fixes to not work. What does this mean? Well a ton more false positive alerts, poorer performance, a recurrence of VDI sensors getting stuck in bypass mode (or spinning up in bypass mode and issues with grouping and dismissing alerts. How do you release something without proper testing?

The statement from CB is that most of this will be fixed in the next sensor update, which comes out this month, but in the mean time there is not much that can be done. I have been a huge fan of CB Response and CB Protect in the past. Well tested, well thought out, and all the controls one needed to be able to tune properly. Defense honestly seems like they do not care. This latest update seems to have not been tested with the current sensor. New sensors usually have some issues of their own (they keep breaking prior fixes for instance) and have to be tested and vetted by organizations to make sure that they do not break anything. Meanwhile, CarbonBlack breaks things on our end by making our job that much more difficult with their back end upgrades. These are lessons to be learned from by any company out there on what not to do. This also shows the problem with going with a cloud based solution that a company has no control over the update/upgrade cycle on.

Last year’s Blackhat, CarbonBlack put out a beautiful marketing claim about Defense stopping Mimikatz. Look up the video of someone proving that wrong within days. Some people I know over at CarbonBlack knew that would happen and were not happy with their marketing department over it.

I hope that CarbonBlack realizes what a pain these items are. I know the whole first to market, gotta keep things fresh and make changes is part of the industry. Forcing people to use that latest immediately upon release is the wrong way to do things though. Why this happens with Defense (which I have picked apart before) is beyond my understanding. Confer was bought by Carbon Black a few years ago now, but it seems like it is the item they are still not sure what to do with.

 

IE8 not being pushed? Only if you work in PR.

By Leave a Comment

IE8, still not ready for everyone to use due to compatibility issues with many websites out there. Microsoft says, “We are not pushing IE8 out there yet.” Everyone breaths a sigh of relief.

At least until today. If you run updates, you should take a close look at the high priority updates. Yeah the ones that get pushed down through Automatic Updates. You will see IE8 there. Sounds like a push to me. Yet Microsoft is still claiming that they are not pushing it out.

Now I don’t know about you, but if I saw it in the Optional Software updates, I would believe them, but with it in High Priority? Come on, we all know that usually we just let the high priority updates get installed, because they are usually the most critical of the updates, and if you are set up to autoupdate, it will get pushed down and installed unless you are set up to check what updates have been downloaded for install.

To use a phrase from a segment on a sports show I listen to.. Microsoft, Who Ya Crappin?

Patches for Firefox

By Leave a Comment

So it seems that we have a new set of patches for Firefox, and that the next version has a little change to it.

The article I have read indicates that there are a bunch of critical issues patched up with yesterday’s update to Firefox, but that none have been exploited. What seems to be the biggest thing has been some issues that cause memory corruption and crashes. Now I’m not a programmer, but that sounds to me liek a big deal. The real question is, how long will it take for the autoupdate feature of Firefox to get the update? Its the one failure in my mind of the browser. I know I hear about an update, and sometimes the autoupdate doesn’t get it for a month or longer. With critical patches, you would think it would get to you a little sooner than that.

Also in the article the next release of Firefox is now 3.5. Makes sense if you ask me, since they are doing a heck of a lot to the browser, but not quite enough to warrant it being called 4.0.