Munir Kotadia, an IT Journalist in Australia, has finally managed to figure out how to blame Microsoft for the fake anti-malware epidemic. Apparently, the reason is that "Microsoft could save the world from fake security applications by introducing...
One of the last areas where more tool support is needed is in monitoring the various attributes in Active Directory (AD). Recently I got curious about the delegation flags, and, more to the point, how to tell which accounts have been trusted for delegation...
It's official. I just received an e-mail from Thawte notifying me that, as of November 16, 2009, the most innovative and useful idea in PKI since its inception, the Web of Trust , will die. Thawte was founded 14 years ago by Mark Shuttleworth. The...
At least for the short to medium term. That is the, quite obvious, conclusion drawn in a Newsweek article entitled "Building a Better Password." The article goes inside the CyLab at Carnegie-Mellon University to understand how passwords may...
Today I finally got wind of my first piece of true standard user malware. MS Antispyware 2008 has turned standard user. The version in question installs the binaries in c:\documents and settings\all users\application data\<something>, and makes...
In an absolutely astonishing move Microsoft's Polish subsidiary decided to do some photoshopping on its Business Productivity Infrastructure page to tailor it to the Polish market. Here you can see the U.S. original . In one of the least sensitive...
Good Wednesday afternoon (or Thursday morning, for those on the other side of the date line). Since my new job largely revolves around speaking to audiences about cloud computing, I've decided that rather than observe from the sidelines I should jump...
Last week, an expert from Verizon, nee Cybertrust, posted a note about the Active Template Library (ATL) security vulnerability over on the Verizon Business Security Blog . For home users, the phone company now advises you to use a different browser,...
This morning I talked to my dad. After a few minutes of polite small talk, I heard the 10 little words I have come to dread: “I had some problems with my computer the other day.” The video card on his laptop had died. The screen was just black...
In May, in one of the more inexplicable moves this year, Microsoft laid off my good friend Steve Riley, four days before he was to deliver half a dozen presentations at TechEd. Fortunately, it did not take Steve long to find a new gig. This Monday, he...
On Monday 13 July I start my new position as evangelist and strategist for Amazon Web Services . What is AWS, you ask? I’ll briefly explain. Unless you’ve spent the last couple years engaged in distant interstellar space travel, you’ve certainly noticed...
For the past few days I've been following the Microsoft Video Control Vulnerability with interest. Basically, it's another vulnerable ActiveX control that needs killbitted. Last night, Microsoft posted a work-around which involves using a Group...
My good friend Andreas Wuchner holds the fascinating position of IT Risk Manager at Novartis Pharmaceuticals. Recently he started a new blog , where he collaborates with other authors to create knowledge and raise awareness of good risk management practices...
Oh the heels of my previous discussion about vulnerabilities in Green Dam Youth Escort, Secunia reports, via a third party, the discovery of a URL processing overflow vulnerability in the software. They rate it highly critical: it allows a remote attacker...
Have you ever tried feeding something you wrote into an online language translator, then doing it a second time back to your original language? The results can be uproarious. You may recall my writings a couple years ago about the necessity of antivirus...