Browse by Tags

All Tags » Security Pontification (RSS)
Fake Anti-Malware is Apparently Microsoft's Fault
Munir Kotadia, an IT Journalist in Australia, has finally managed to figure out how to blame Microsoft for the fake anti-malware epidemic. Apparently, the reason is that "Microsoft could save the world from fake security applications by introducing...
Posted Sat, Oct 24 2009 by jesper | 4 comment(s)
Filed under:
Web Of Trust: RIP
It's official. I just received an e-mail from Thawte notifying me that, as of November 16, 2009, the most innovative and useful idea in PKI since its inception, the Web of Trust , will die. Thawte was founded 14 years ago by Mark Shuttleworth. The...
Posted Tue, Oct 13 2009 by jesper | 3 comment(s)
Filed under: ,
And finally, standard user malware
Today I finally got wind of my first piece of true standard user malware. MS Antispyware 2008 has turned standard user. The version in question installs the binaries in c:\documents and settings\all users\application data\<something>, and makes...
Posted Mon, Aug 31 2009 by jesper | 4 comment(s)
Filed under: , ,
Is it ActiveX that is the problem?
Last week, an expert from Verizon, nee Cybertrust, posted a note about the Active Template Library (ATL) security vulnerability over on the Verizon Business Security Blog . For home users, the phone company now advises you to use a different browser,...
Posted Sun, Aug 9 2009 by jesper | 5 comment(s)
Filed under:
Please do not e-mail my social security number
Recently I had a very interesting incident. I wrote an article some time in 2008 and the publisher paid me a little bit of money for it. That means the publisher must send a report to the Internal Revenue Service (IRS - the U.S. tax department) reporting...
Posted Tue, Jan 27 2009 by jesper | 12 comment(s)
Filed under: ,
Kip Hawley: "No, the TSA is Necessary Because This is War!"
CBS News did a story a few days ago on the Transportation Security Administration (TSA). Basically it was a tit-for-tat between Bruce Schneier , security pontificator extraordinaire, and Kip Hawley, the administrator of the TSA. Mr. Hawley's maintans...
Posted Wed, Dec 24 2008 by jesper | 6 comment(s)
Filed under:
One "Hacker" Attempts to Rule The World
Wired, always a source for amusement and interesting literature, just carried a story on a "hacker" (the magazine's use of the term equates to "criminal") who attempted to dominate the market in stolen credit cards. It's a...
Posted Wed, Dec 24 2008 by jesper | 1 comment(s)
Filed under:
Believe it or not; DRM for Zune is down!
Shocking, yes, I know, but in only four hours this evening Microsoft has managed to alienate over 150 additional customers with its insistence on Digital Rights Management (DRM). This time it is the DRM component of the Zune store that is down, according...
Posted Mon, Dec 15 2008 by jesper | 6 comment(s)
Filed under:
What do you think, should I do it?
I get a fair bit of blog spam - comments advertising everything from sexual enhancers to fake anti-malware. This one just came in this morning: Sweet! I can turn off all the blog spam just by e-mailing the criminals? Or, could it possibly be that this...
Posted Sun, Nov 16 2008 by jesper | 2 comment(s)
Filed under:
Fun Experiences at Airport Security
For a while I've been thinking about writing something about interesting times I've had at various airport security checkpoints; security theater, as they have come to be known. There is the obvious shoe removal arguments and the ill-defined rules...
Posted Sat, Nov 15 2008 by jesper | 10 comment(s)
Filed under:
Is MS08-067 Wormable?
A couple of weeks ago Microsoft released an out-of-band security update in bulletin MS08-067 . Looking at the type of vulnerability and the fact that the issue was already being exploited in the wild at the time, this was a good decision. If you have...
Posted Tue, Nov 4 2008 by jesper | 5 comment(s)
Filed under: , ,
Security is About Passwords and Credit Cards, Part 3
The final installment in my series called " Security is About Passwords and Credit Cards " is now up on TechNet Magazine. This part of the series discusses updating technologies, including how not to abuse them, messaging about security, and...
Posted Sat, Aug 9 2008 by jesper | 1 comment(s)
Filed under:
Security is About Passwords and Credit Cards Part 2
The second part of my " Security is About Passwords and Credit Cards " article just hit the web. This installment looks at logon processes, misleading security eye candy, and insecure communications with customers. As always, I'd love your...
Posted Thu, Jul 3 2008 by jesper | 2 comment(s)
Filed under:
Security is About Passwords and Credit Cards
Security is About Passwords and Credit Cards. That's what a very nice lady told me a few months ago. At first I shrugged it off. Of course security is so much more than that. As I started to process it though I realized that is exactly what it is...
Posted Fri, Jun 20 2008 by jesper | 3 comment(s)
Filed under:
Thoughts on Security by Obscurity
This has not really been that normal a week for me, but at least another article made it into print. The June 2008 issue of TechNet Magazine is headlined by an article I wrote with my friend Roger Grimes, Security Adviser for Infoworld , on Security by...
Posted Tue, May 13 2008 by jesper | 3 comment(s)
Filed under: ,
More Posts Next page »