Jesper's Blog
Welcome to Jesper Johansson's blog. This is my home for pontification on the web. In case this is your first time here, I have been working on information security for about 20 years, and have been writing and speaking on the topic for about 10. I am also a Microsoft MVP in Windows Security. My most recent book is the Windows Server 2008 Security Resource Kit. Because I am also a scuba instructor you may find some posts related to that topic as well. Just because it took me so long to get it, I also like to say that I have a Ph.D. in Management Information Systems from the University of Minnesota.
Security Pontification
Warning! Don't run Anti-Malware Software on Your Research Machine
I do not run any anti-malware software on my primary workstation. It's a habit I got into way back when I was doing penetration assessments. I showed up at the site, fired up ye olde laptop, and went to run some tool. ...went to run some tool. Hey...
Quantum Security
The May 2008 issue of TechNet Magazine is out. It has an article in it that I have been wanting to write for a long time, called Quantum Security. In it I posit the argument that there are some fundamental laws of security, similar to the laws of physics...
How to remove the security warning, or should you?
This morning there was an interesting question in the Windows Vista Security Newsgroup. The poster had written an application that users were downloading. However, when they ran the application they received a warning dialog, like this one: The poster...
Regulatory Silliness
Susan just pointed me to a "Self-assessment questionnaire" for the Payment Card Industry Data Security Standard (PCI/DSS). While, on the whole, the intent of that standard is good, there are some areas of it that, as usual, stray into the...
Measuring Identity Theft
Chris Hoofnagle, of the Berkeley Center for Law And Technology, just published a fascinating report entitled "Measuring Identity Theft at Top Banks." If you have not already, and you are at all interested in security and privacy, you owe it...
Write down your passwords
A few years back I caused quite a stir when I mentioned in passing during a presentation that writing down your password is a really good idea. A journalist in the room decided that saying so qualified me as insane, and my employer sending an insane person...
Theft-proof biometrics
At last, there is a biometric authentication technique that cannot be stolen. Or, well, it can, but at least it won't work any longer. Drs. Philip M. Rodwell and Steven M. Furnell recently published "A non-intrusive biometric authentication mechanism...
UK Government Leaks Data on Half The Country
Another day. Another data leak. Another round of buck passing. Another round of unsubstantiated claims that they really do care about people's personal information. This one is a doozy though. A junior IT admin at Her Majesty's Revenue & Customs...
All Software Has Vulnerabilities
No matter how smug you are about it, and how much you claim that security is someone else's problem, software will have vulnerabilities. It is a fact of life because software is, by far, the most complex engineering task mankind has ever undertaken...
Dilbert Knows Why Security is Struggling
If it weren't because too many security departments are like Mordac, today's Dilbert would be funny. Unfortunately, there are still far too many people working on security that fail to recognize that nobody actually wants security. Nobody bought...
From the mouth of babes, part 12398
A couple of weeks ago I got myself invited to my oldest son's fourth-grade class to talk to the kids about security. The teacher is really into technology and is doing some very cool stuff. Unfortunately, he is not very into security, yet, so that...
Security is not just for PCs
A friend just pointed me to this fascinating article about an attack on the Greek Vodafone network. The article discusses an attack that installed a rootkit on an Ericsson cellular phone switch which was used to divert calls of high-ranking Greek officials...
Apparently, today was a slow news day
It must have been a slow news day today. I can't think of any other reason why the fact that an ex-Microsoft employee is considering installing a Linux box would be news. Imagine the articles if they realized that, right at this very moment, a whole...
Blue Screen of DRM Death; or The Death Of Windows Media Center
I'm turning off, disconnecting, and throwing out my Windows XP Media Center PC. For two years it has been the DVR unit in my home, as well as just a convenient way to view movies. However, the DRM zealots have finally rendered it completely useless...
What They Teach Kids These Days
Sweden has always been a little "cutting edge," if you know what I mean. Little did I know, however, just how cutting edge. This picture was snapped in a toy store in Stockholm last week: I probably stood there stunned for a good two minutes...