Because it’s about time I did it. Sorry people with browsers that still don’t support SNI (not that they can read this), but it’s time to move forward.

From today, this site is available over HTTPS for the security-conscious amongst you.

There are a few old posts with embedded resources that load via http, so you might get the occasional warning about that, but going forward it shouldn’t be a problem.


I am now officially a VMware Certified Professional on vSphere 5 (and 4 and 3), so yay for that and everything.

As of this morning, I am officially a Microsoft Certified IT Professional: Enterprise Administrator, which is much less impressive than it sounds. It’s basically just the 2008/2008 R2 equivalent of the MCSE, but I guess Microsoft got bored of people referring to it as “Must Consult Somebody Else” and so decided to change the name.

Why so late to the party? Well under normal circumstances I wouldn’t go out of my way to get Microsoft qualifications, but my current employer offered to pay for the exams so it seemed silly not to and I actually learned some stuff about NAP that I didn’t already know (And some stuff about RRAS that I didn’t want to).

Now to start work on my VCAP

A potential vulnerability has been found in Safeguard Enterprise 5.x and SafeGuard Easy 5.5x and Sophos Disk Encryption v 5.5x that could allow an informed attacker, under specific circumstances, to reuse outdated or invalidated credentials for locally accessing an endpoint computer.

This affects all versions of Safeguard Enterprise that I’m aware of, though patches are only available back to 5.35.0 so if you’re still running 5.30.x or (God help you) 5.21, then you’re out of luck unless you upgrade. As it is apparently difficult to identify machines that may be vulnerable, Sophos are recommending that you update all of your endpoints ASAP to be on the safe side.

Sophos, for some reason, have not announced that they have just released version of Safeguard Enterprise, which adds:

Windows 7 Support for Configuration Protection
SafeGuard Enterprise 5.50.8 Configuration Protection fully supports the 32-bit and 64-bit versions of Microsoft Windows 7.

Fast Initial Encryption
A new, optimized handling of initial encryption using full-disk encryption is now available which typically leads to a significantly reduced duration of the initial encryption process. By limiting the initial encryption to hard disk space that is actually ‘used’ and not all the available physical disk space, the performance gain can be dramatic, of course depending on the percentage of used disk space. This new operation mode can be controlled along with the other encryption policy settings and is deactivated by default.

Improved Encryption Performance
A new, improved and optimized implementation of the AES256 encryption algorithm provides better run-time performance when accessing encrypted data. Since the very same encryption module is used for full-disk as well as file-based encryption both modules (DE and DX) benefit from the improvements and yield better performance figures.

Users with active support contracts can download the release from¬†(Maybe one day they’ll get around to integrating it into the Sophos site properly).