Heinzi – WindowsTechs.com

What’s the deal with CISA adding CVE-2024-49035 (Microsoft Partner Center vulnerability) to its catalog of exploited vulnerabilities?

Posted on March 10, 2025 by Heinzi

Two weeks ago (Feb 25, 2025), CISA added CVE-2024-49035 to its catalog of actively exploited vulnerabilities.
Now, the thing is: CVE-2024-49035 is not a "classic" vulnerability in a software product where admins need to take acti… Continue reading What’s the deal with CISA adding CVE-2024-49035 (Microsoft Partner Center vulnerability) to its catalog of exploited vulnerabilities?→

What "power" does a Wazuh server have over a client/agent?

Posted on November 6, 2024 by Heinzi

I want to switch to a different log monitoring solution, and I am currently evaluating Wazuh, an OSSEC fork which seems to be a popular choice among the open-source community.
Reading the documentation, the following sentence caught my eye… Continue reading What "power" does a Wazuh server have over a client/agent?→

Prepare Bitlocker protected PC for disposal

Posted on October 31, 2024 by Heinzi

We want to dispose of an old notebook whose display frame is damaged. It’s a Windows device with a BitLocker (TPM+PIN) encrypted SSD.
I am trying to devise a strategy for protecting the data on the drive from recovery that is both simple (… Continue reading Prepare Bitlocker protected PC for disposal→

ThreatFox alert on Cloudflare IP

Posted on January 5, 2024 by Heinzi

On our company network, suricata just raised the following (single) alert:
{
"timestamp": "2024-01-05T12:42:28.511703+0100",
"flow_id": 1276412390854359,
"in_iface": "igb0",
… Continue reading ThreatFox alert on Cloudflare IP→

What "indicators of compromise" are there that end users can diagnose themselves?

Posted on July 27, 2023 by Heinzi

I’m responsible for the IT security of a small (~5 users) office, and I’m preparing training materials for our users.
Obviously, the first step my users should do if anything seems suspicious is to keep calm and contact me. However, if I’m… Continue reading What "indicators of compromise" are there that end users can diagnose themselves?→

Intrusion detection in a small home network

Posted on February 28, 2023 by Heinzi

The number of devices in my home network keeps growing: Apart from my gaming PC and our home office notebooks, we have the kids’ tablets, all our smart phones, a smart TV stick, some WLAN peripherals, etc. The more devices we get, the more… Continue reading Intrusion detection in a small home network→

Can it cost you money to push a number on the phone dial pad during an incoming call? [closed]

Posted on September 3, 2022 by Heinzi

Heise online, a well-known German-language technology news site, recently published an article about phone scams.
They write the following about the "Interpol scam" (emphasis mine):

Vermehrt kommt es auch zu Anrufen von Betrüger… Continue reading Can it cost you money to push a number on the phone dial pad during an incoming call? [closed]→

Mitigating the performance impact of strong hashes with Basic HTTP authentication

Posted on April 20, 2022 by Heinzi

I am trying to decide which work factor to use for our hashed passwords, and I am facing the following dilemma. Let me elaborate for a moment.
Basic HTTP authentication works as follows:

The user tries to access a protected resource.
The … Continue reading Mitigating the performance impact of strong hashes with Basic HTTP authentication→

Are there advantages to using a hardware token instead of a password on a potentially compromised system?

Posted on March 2, 2021 by Heinzi

TLDR: Is there a security benefit to regularly accessing the admin account with a hardware token rather than with a well-protected password?

Long story: I’m both a developer and the system admin of our small network. Thus, on my PC, I usu… Continue reading Are there advantages to using a hardware token instead of a password on a potentially compromised system?→

How do open-source projects prevent disclosing a bug while fixing it?

Posted on November 11, 2020 by Heinzi

I understand that many open-source projects request vulnerabilities not to be disclosed on their public bug tracker but rather by privately contacting the project’s security team, to prevent disclosing the bug before a fix is available. Th… Continue reading How do open-source projects prevent disclosing a bug while fixing it?→