Jesper's Blog
Obligatory file photo:
Welcome to Jesper Johansson's blog. This is my home for pontification on the web. In case this is your first time here, I have been working on information security for about 20 years, and have been writing and speaking on the topic for about 10. I am also a
Microsoft MVP
in Windows Security.
My most recent book is
Windows Vista Security
with Roger Grimes. Because I am also a scuba instructor you may find some posts related to that topic as well. Just because it took me so long to get it, I also like to say that I have a Ph.D. in Management Information Systems from the University of Minnesota.
Browse by Tags
All Tags
»
Security
(
RSS
)
Diving
Least Privilege
Mitigations
Running Windows
Security Pontification
Software Development
Windows Security
Windows Vista
Phishing for a Tax Refund
What's wrong with this picture? If you answered "why would the IRS use a web server in Korea to ask for information about my tax refund" you are a winner! This is a phishing site preying on people who do not know that all you need to do...
Mitigate the Image Uploader Vulnerabilities
The big security news this week is the six vulnerabilities found in various image uploader ActiveX controls. In case you haven't seen the news , there are exploits available publicly for remote vulnerabilities in five different ActiveX controls. US...
Using Autoplay on Vista To Stop Attacks
The January issue of TechNet Magazine has an article I wrote about how to hack a system using autoplaying USB flash drives. While it is not possible to stop all attacks from USB tokens, Vista does include some interesting protective measures. However...
Is Firefox More Secure than Internet Explorer?
Well, sure it is. According to the Firefox web site, which must of course be untainted by marketing claims since it is Mozilla, " Firefox continues to lead the way in online security". OK, marketing hyperbole aside, I'm a data guy. I care...
What They Teach Kids These Days
Sweden has always been a little "cutting edge," if you know what I mean. Little did I know, however, just how cutting edge. This picture was snapped in a toy store in Stockholm last week: I probably stood there stunned for a good two minutes...
The Protocol Handler Saga Continues: Say What Secunia?
Sometimes you just have to wonder how far people will go to lend undeserved credibility to opinions. The Protocol Handler Saga is rapidly becoming a religious war. The latest entry is related to a very cool exploit that Billy Rios and Nate McFeters published...
Hey, Mozilla: Quotes Are Not Legal in a URL
When I was a child, I learned a saying that I still find important to keep in mind: Those who are sitting in a glass house shall not throw stones The good folks at Mozilla may want to look up what that really means. Two days ago, Mozilla published Firefox...
New Firefox Available
Mozilla has published a new Firefox. Version 2.0.0.5 fixes the FirefoxURL protocol handler issue by changing the calling convention for the protocol handler. Instead of the old calling convention: C:\\PROGRA~1\\MOZILL~2\\FIREFOX.EXE -url “%1″ -requestPending...
Blocking the Firefox -> IE 0-day
Thor Larholm, unhelpfully, published details on what he claims is a 0-day exploit for Internet Explorer (IE) yesterday. This exploit is actually for Firefox, but Thor exploited it by making IE launch Firefox. Firefox creates three protocol handlers. A...
It's been a month already?
It has really been a month since my last post. I will try not to let it go that far between them again. I've been busy with diving, and writing. On that note, my second Access Control List (ACL) article came out in TechNet Magazine this week. It is...
Wiping a drive, the easy way
While poking around for a blog post on Susan's blog, I found this one , asking how to wipe a drive. Teacher, Teacher, I know the answer, I know: cipher /w:<drive letter> This command, built into Windows XP and higher, does a three-write pass...
Admin Rights Hall Of Shame and Complaint Abuses
A few weeks ago I bought a copy of Nobeltec's Tides and Currents software. Nobeltec is a subsidiary of Jeppesen, well known for their aviation, and apparently now also marine, navigation charts. I was told this software was by far the best way to...
Interesting Phishing Twist
The other day I got a phishing mail purporting to be from E-Bay. That part in and of itself was not unusual. What was interesting was that the link used a different technique to disguise itself than what I have seen before. Instead of using a URL made...
Search
Go
This Blog
Home
Contact
About
News
The
Windows Server 2008 Security Resource Kit
is available!
.
You can also order it as part of the whole
Windows Server 2008 Resource Kit
and save some money.
Or, if you need to know about Vista instead, there is:
If you need a more general approach to help you
Protect Your Windows Network
, there is a book for that too
There is now a
mobile version
of the blog.
Tags
Diving
Least Privilege
Mitigations
Running Windows
Security
Security Pontification
Software Development
Thinking differently
Troubleshooting
Windows Security
Windows Server 2008
Windows Vista
Navigation
Home
Blogs
Photos
Downloads
Archives
May 2008 (3)
April 2008 (5)
March 2008 (5)
February 2008 (6)
January 2008 (3)
December 2007 (7)
November 2007 (4)
October 2007 (3)
September 2007 (4)
August 2007 (1)
July 2007 (10)
May 2007 (4)
April 2007 (3)
March 2007 (1)
February 2007 (1)
January 2007 (1)
December 2006 (1)
November 2006 (1)
October 2006 (2)
September 2006 (12)
August 2006 (5)
Links
My Microsoft Blog
Steve's Blog
Susan's SBS blog
Alun Jones is a great guy, with great insight
Jen's blog
Aaron Margosis' blog
Syndication
RSS
Atom
Comments RSS
Receive Email Updates
Subscribe