Security, Security Pontification

Jesper's Blog

Obligatory file photo:

Welcome to Jesper Johansson's blog. This is my home for pontification on the web. In case this is your first time here, I have been working on information security for about 20 years, and have been writing and speaking on the topic for about 10.
My most recent book is the Windows Server 2008 Security Resource Kit . Because I am also a scuba instructor you may find some posts related to that topic as well. Just because it took me so long to get it, I also like to say that I have a Ph.D. in Management Information Systems from the University of Minnesota.

Browse by Tags

Don't fire people until after you wipe their phones: A very commonly required feature for mobile access to email is remote wipe - the ability to reach out and wipe all corporate data off a mobile device. Exchange ActiveSync supports this feature and has for several versions now. You, as the Exchange or...
Posted Thu, Apr 8 2010 by jesper | 5 comment(s)
Filed under: Windows Security, Security Pontification, Security

And finally, standard user malware: Today I finally got wind of my first piece of true standard user malware. MS Antispyware 2008 has turned standard user. The version in question installs the binaries in c:\documents and settings\all users\application data\<something>, and makes...
Posted Mon, Aug 31 2009 by jesper | 4 comment(s)
Filed under: Security Pontification, Least Privilege, Security

Please do not e-mail my social security number: Recently I had a very interesting incident. I wrote an article some time in 2008 and the publisher paid me a little bit of money for it. That means the publisher must send a report to the Internal Revenue Service (IRS - the U.S. tax department) reporting...
Posted Tue, Jan 27 2009 by jesper | 12 comment(s)
Filed under: Security Pontification, Security

Is MS08-067 Wormable?: A couple of weeks ago Microsoft released an out-of-band security update in bulletin MS08-067 . Looking at the type of vulnerability and the fact that the issue was already being exploited in the wild at the time, this was a good decision. If you have...
Posted Tue, Nov 4 2008 by jesper | 5 comment(s)
Filed under: Security Pontification, Security, Thinking differently

What They Teach Kids These Days: Sweden has always been a little "cutting edge," if you know what I mean. Little did I know, however, just how cutting edge. This picture was snapped in a toy store in Stockholm last week: I probably stood there stunned for a good two minutes...
Posted Mon, Sep 3 2007 by jesper | 1 comment(s)
Filed under: Security Pontification, Security

The Protocol Handler Saga Continues: Say What Secunia?: Sometimes you just have to wonder how far people will go to lend undeserved credibility to opinions. The Protocol Handler Saga is rapidly becoming a religious war. The latest entry is related to a very cool exploit that Billy Rios and Nate McFeters published...
Posted Thu, Jul 26 2007 by jesper | 11 comment(s)
Filed under: Security Pontification, Security

Hey, Mozilla: Quotes Are Not Legal in a URL: When I was a child, I learned a saying that I still find important to keep in mind: Those who are sitting in a glass house shall not throw stones The good folks at Mozilla may want to look up what that really means. Two days ago, Mozilla published Firefox...
Posted Fri, Jul 20 2007 by jesper | 36 comment(s)
Filed under: Windows Security, Security Pontification, Security, Windows Vista

Blocking the Firefox -> IE 0-day: Thor Larholm, unhelpfully, published details on what he claims is a 0-day exploit for Internet Explorer (IE) yesterday. This exploit is actually for Firefox, but Thor exploited it by making IE launch Firefox. Firefox creates three protocol handlers. A...
Posted Tue, Jul 10 2007 by jesper | 28 comment(s)
Filed under: Windows Security, Security Pontification, Security

Search

This Blog

Home

Community

Syndication

News

The Windows Server 2008 Security Resource Kit is available!
. You can also order it as part of the whole Windows Server 2008 Resource Kit and save some money.
Or, if you need to know about Vista instead, there is:

If you need a more general approach to help you Protect Your Windows Network, there is a book for that too

There is now a mobile version of the blog.

All postings are copyright Jesper M. Johansson or Steve Riley, in the year they were made. These postings are provided "AS IS" with no warranties, and confer no rights. All postings are the sole opinions of Jesper M. Johansson or Steve Riley and do not reflect any official opinion of anyone else with whom the poster(s) are affiliated or has been affiliated in the past. Use of included code samples is permitted for non-commercial use, with no warranties of fitness express or implied. All use of any information or code snippets posted in this blog at the user's sole risk. The blog site would like to thank www.ownwebnow.com and www.exchangedefender.com for their support.

Powered by Community Server (Commercial Edition), by Telligent Systems