MSInfluentials
A new blog site for influential people
Jesper's Blog: posts tagged Security
Apple to iPhone Users: Please Install This Untrusted Configuration Profile
It appears Apple is the only company around that doesn't use Microsoft Exchange. Apple's recently released iOS (not to be confused with Cisco's IOS) 4 apparently wasn't tested with Exchange at all. Many users are reporting slow e-mail...
Published Wed, Jun 30 2010 3:59 PM by Jesper's Blog. Filed under: Security, Apple
Don't fire people until after you wipe their phones
A very commonly required feature for mobile access to email is remote wipe - the ability to reach out and wipe all corporate data off a mobile device. Exchange ActiveSync supports this feature and has for several versions now. You, as the Exchange or...
Published Thu, Apr 8 2010 10:31 PM by Jesper's Blog. Filed under: Security, Security Pontification, Windows Security
Passwords are here to stay
At least for the short to medium term. That is the, quite obvious, conclusion drawn in a Newsweek article entitled "Building a Better Password." The article goes inside the CyLab at Carnegie-Mellon University to understand how passwords may...
Published Sun, Oct 11 2009 12:54 AM by Jesper's Blog. Filed under: Security
And finally, standard user malware
Today I finally got wind of my first piece of true standard user malware. MS Antispyware 2008 has turned standard user. The version in question installs the binaries in c:\documents and settings\all users\application data\<something>, and makes...
Published Tue, Sep 1 2009 1:21 AM by Jesper's Blog. Filed under: Security, Security Pontification, Least Privilege
Please do not e-mail my social security number
Recently I had a very interesting incident. I wrote an article some time in 2008 and the publisher paid me a little bit of money for it. That means the publisher must send a report to the Internal Revenue Service (IRS - the U.S. tax department) reporting...
Published Tue, Jan 27 2009 11:38 PM by Jesper's Blog. Filed under: Security, Security Pontification
Is MS08-067 Wormable?
A couple of weeks ago Microsoft released an out-of-band security update in bulletin MS08-067. Looking at the type of vulnerability and the fact that the issue was already being exploited in the wild at the time, this was a good decision. If you have...
Published Tue, Nov 4 2008 6:14 AM by Jesper's Blog. Filed under: Security, Security Pontification, Thinking differently
Anatomy of a Hack 2008
A few years ago I delivered a very popular presentation I called "Anatomy of a Hack." Well, actually, I called it "How to Get Your Network Hacked in 10 Easy Steps" but the marketing department at my previous employer thought that title...
Published Fri, Aug 22 2008 2:46 PM by Jesper's Blog. Filed under: Security, Thinking differently
Buy the original Olympic Torch from Beijing
"Buy the original Olympic Torch from Beijing" That was one of the fake headlines in the latest "CNN.com Daily Top 10" malware spam I've been getting lately. This particular spam is a fake newsfeed which redirects you to one of...
Published Fri, Aug 8 2008 10:38 PM by Jesper's Blog. Filed under: Security
Phishing for a Tax Refund
What's wrong with this picture? If you answered "why would the IRS use a web server in Korea to ask for information about my tax refund" you are a winner! This is a phishing site preying on people who do not know that all you need to do...
Published Sun, May 4 2008 11:30 PM by Jesper's Blog. Filed under: Security
Mitigate the Image Uploader Vulnerabilities
The big security news this week is the six vulnerabilities found in various image uploader ActiveX controls. In case you haven't seen the news, there are exploits available publicly for remote vulnerabilities in five different ActiveX controls. US...
Published Wed, Feb 6 2008 1:07 PM by Jesper's Blog. Filed under: Security, Windows Security, Mitigations
Using Autoplay on Vista To Stop Attacks
The January issue of TechNet Magazine has an article I wrote about how to hack a system using autoplaying USB flash drives. While it is not possible to stop all attacks from USB tokens, Vista does include some interesting protective measures. However...
Published Sun, Dec 23 2007 12:41 PM by Jesper's Blog. Filed under: Security, Windows Vista, Running Windows
Is Firefox More Secure than Internet Explorer?
Well, sure it is. According to the Firefox web site, which must of course be untainted by marketing claims since it is Mozilla, "Firefox continues to lead the way in online security". OK, marketing hyperbole aside, I'm a data guy. I care...
Published Fri, Nov 30 2007 2:28 PM by Jesper's Blog. Filed under: Security, Windows Security, Software Development
What They Teach Kids These Days
Sweden has always been a little "cutting edge," if you know what I mean. Little did I know, however, just how cutting edge. This picture was snapped in a toy store in Stockholm last week: I probably stood there stunned for a good two minutes...
Published Mon, Sep 3 2007 3:18 PM by Jesper's Blog. Filed under: Security, Security Pontification
The Protocol Handler Saga Continues: Say What Secunia?
Sometimes you just have to wonder how far people will go to lend undeserved credibility to opinions. The Protocol Handler Saga is rapidly becoming a religious war. The latest entry is related to a very cool exploit that Billy Rios and Nate McFeters published...
Published Thu, Jul 26 2007 6:19 PM by Jesper's Blog. Filed under: Security, Security Pontification
Hey, Mozilla: Quotes Are Not Legal in a URL
When I was a child, I learned a saying that I still find important to keep in mind: "Those who are sitting in a glass house shall not throw stones." The good folks at Mozilla may want to look up what that really means. Two days ago, Mozilla published Firefox...
Published Sat, Jul 21 2007 12:25 AM by Jesper's Blog. Filed under: Security, Security Pontification, Windows Security, Windows Vista
All postings are copyright Jesper M. Johansson or Steve Riley, in the year they were made. These postings are provided "AS IS" with no warranties, and confer no rights. All postings are the sole opinions of Jesper M. Johansson or Steve Riley and do not reflect any official opinion of anyone else with whom the poster(s) are affiliated or have been affiliated in the past. Use of included code samples is permitted for non-commercial use, with no warranties of fitness express or implied. All use of any information or code snippets posted in this blog is at the user's sole risk. The blog site would like to thank www.ownwebnow.com and www.exchangedefender.com for their support.