Since October 14th, 2025, Microsoft has disabled previews in Windows File Explorer, for at least all downloaded files from the Internet and stored on network shares.1 Attackers could capture NTLM hashes simply by viewing the preview. I had to smile. It’s as if Microsoft had read my blog post “Why Every Windows AD Should Be Kept Offline” earlier this month,2 where I discussed exactly this kind of NTLM leakage. Read more

Not only since my seven security tips1 have I been getting questions about why I prefer to keep Windows and an Active Directory2 offline. That may sound inflexible, and in an era of AI-generated cybersecurity slop3 I may look like an outsider. So in today’s blog post I provide more context, explain the technical background, and lay out how ransomware works. Read more

A typical crisis meeting scenario: The Management and myself as an external consultant or information security officer sitting in a conference room: Our processes are being slowed down by too many security requirements. Employees are complaining. ‘Your’ IT security is becoming a risk to our business. Read more

Hard-wired networks are usually provided with numerous security features. With wireless networks, however, admins often remain blind to intrusion attempts, which can be carried out by inexperienced users thanks to affordable gadgets. The remedy is a Wireless Intrusion Detection System (WIDS). Sounds expensive, but it isn’t. Read more